Security Review of AI-Generated Code

AI happily writes code with classic vulnerabilities. Learn the OWASP-aligned review checklist for AI output, the prompts that catch issues early, and the tools that automate the rest.

13 min · Reviewed 2026

AI Has Read Every Vulnerability, And Sometimes Writes One

Models train on public code, and public code is full of vulnerabilities. The model learns common patterns — including the insecure ones. SQL strings concatenated with user input, secrets hardcoded for examples, `eval` of user data, missing auth checks. AI will reproduce all of these on demand if you don't tell it not to.

The top eight AI-generated vulnerabilities to watch for

Vuln	What AI does	Fix
SQL injection	f-string queries with user input	Parameterized queries, prepared statements
Command injection	`subprocess.call(f"{user}")`	`subprocess.run([], shell=False)`
Path traversal	`open(user_input)` with no allowlist	Resolve, normalize, check inside allowed dir
Hardcoded secrets	`API_KEY = "sk-"` in committed file	Read from env, use a secrets manager
Missing auth	Endpoint without role/permission check	Decorator/middleware mandatory on all routes
Open redirect	`redirect(request.args.get("next"))`	Allowlist of safe redirect targets
XSS	`dangerouslySetInnerHTML` with user data	Escape, or use safe APIs
Insecure deserialization	`pickle.loads(user_input)`	Use JSON; if pickle, sign and verify

The pre-flight prompt addition

# Append to any code-generation prompt that touches: # - user input # - filesystems # - shells # - databases # - HTTP # - secrets "Apply OWASP best practices. No string-concatenated SQL — use parameterized queries. No shell=True in subprocess calls. No eval/exec. Read all secrets from env vars, never hardcode. Validate all user input with explicit schemas (Zod, Pydantic, etc.). If you generate code with any of these, flag it and explain why you couldn't avoid it."A 70-word boilerplate that stops 80% of AI-introduced vulns at the source.

The 5-minute review pass

Search the diff for `f"`, `"" + `, or template strings near `query`, `execute`, `exec`, `subprocess`
Search for hardcoded strings starting with `sk-`, `pk-`, `AKIA`, `ghp_`, `xoxb-`, `Bearer ` followed by characters
Confirm every endpoint has explicit auth — `@require_auth`, `requireUser()`, etc.
Search for `eval(`, `exec(`, `pickle.loads(`, `Function(`, `setTimeout("`, `innerHTML`
Verify error messages don't leak internals — check `except: return str(e)` patterns

Tools that automate the boring parts

Tool	What it catches	Setup
Semgrep	Pattern-based vulns (SQLi, command inj, etc.)	`semgrep --config=auto .`
Bandit (Python)	Common Python security smells	`pip install bandit && bandit -r .`
ESLint security plugins	JS/TS security patterns	`eslint-plugin-security`
GitHub Code Scanning	CodeQL queries on every push	Free for public repos
Trivy / Grype	Vulnerable dependencies in lockfiles	CI step or local scan
GitGuardian / TruffleHog	Hardcoded secrets in commits	Pre-commit hook + CI

The adversarial review prompt

# After AI writes code, run this in a fresh chat: "Act as a security auditor. The following code was just generated by AI. List every realistic security issue you can find, ranked by severity (critical/high/med/low). For each: the line numbers, the threat model (who attacks how), and the fix. Do not be polite. Assume hostile users. <paste code>" # Use a *different* model than wrote the code if possible. # A second pair of eyes from a different family catches what the first missed.Cross-family adversarial review catches more than same-family review. Mix Claude with GPT for coverage.

What no AI catches

Business-logic flaws (a logged-in user accessing another tenant's data via the wrong route param)
Race conditions in concurrent code
Subtle privilege escalation through chained features
Side channels (timing attacks on `==` comparison of secrets)

AI knows the patterns. Humans know the threats.
— An application security engineer

The big idea: AI accelerates code, but it does not understand attackers. Apply the OWASP-aligned prompt boilerplate, run static analyzers automatically, and budget a human security review for anything user-facing. Speed without security is a CVE in waiting.

End-of-lesson check

8 questions · take it digitally for instant feedback at tendril.neural-forge.io/learn/quiz/end-coding-debug-security-review-creators

What is the main idea of "Security Review of AI-Generated Code"?
1. AI happily writes code with classic vulnerabilities.
2. Use AI as the final authority for the whole decision
3. Avoid checking the answer once it sounds polished
4. Focus only on speed instead of judgment
Which concept is most central to "Security Review of AI-Generated Code"?
1. injection
2. OWASP
3. secrets
4. authorization
Which use of AI fits this topic best?
1. Let the AI decide what matters without your review
2. Use the answer before checking whether it fits the situation
3. Search the diff for `f"`, `"" + `, or template strings near `query`, `execute`, `exec`, `subprocess`
4. Treat the AI output as automatically correct
What should a careful learner remember about "AI's favorite vuln: the helpful error message"?
1. Use AI to draft or organize ideas about OWASP, then verify before acting.
2. Skip the context so the tool can guess faster
3. Treat the output as private even after sharing it online
4. Use the answer without checking the source
You want to use AI after this lesson. What is the safest next step?
1. Act immediately because the AI answer is written clearly
2. Use AI for drafting and comparison, but verify before publishing or relying on it.
3. Hide uncertainty so the final answer looks cleaner
4. Use private or sensitive details before checking permission
How should AI output about OWASP be treated?
1. As proof that no other source is needed
2. As a replacement for context, consent, or expert review
3. As a draft or helper output that still needs human judgment and verification
4. As something that becomes correct when it sounds confident
Name one way to verify an AI answer about OWASP.
Which action would help you apply "Security Review of AI-Generated Code" responsibly?
1. Use the tool to avoid thinking through the tradeoff
2. Keep going even if the output conflicts with a trusted source
3. Treat the AI output as automatically correct
4. Search for hardcoded strings starting with `sk-`, `pk-`, `AKIA`, `ghp_`, `xoxb-`, `Bearer ` followed by characters

← Back to interactive lesson

Tendril · Creators · AI-Assisted Coding