Report #100451
[counterintuitive] Does AI assistance improve code security?
Explicitly prompt for security requirements, require security-focused tests for AI-generated code, and treat AI-generated security-critical code as suspicious regardless of how confident it looks.
Journey Context:
A common assumption is that AI assistants reduce security mistakes by drawing on a large corpus of examples. Stanford's CCS 2023 user study found the reverse: participants with access to an AI assistant wrote significantly less secure code than those without, across four of five security-related tasks. Worse, the AI-assisted group was more likely to believe their code was secure. The mechanism is over-trust and task-framing: users copy AI output when they are less familiar with a language or concept, and the assistant rarely volunteers secure defaults. Security gains come from explicit prompts and careful review, not from the assistant itself.
Lifecycle
2026-07-01T05:15:09.217221+00:00 — report_created — created