IT Brief Asia - Technology news for CIOs & IT decision-makers
Asia
AI coding models make working code, not secure code

AI coding models make working code, not secure code

Thu, 16th Jul 2026 (Today)
Joseph Gabriel Lagonsin
JOSEPH GABRIEL LAGONSIN News Editor

An independent study found that leading AI coding models produce working code far more often than secure code. The research tested four models across 200 coding tasks.

The study examined Claude Opus 4.8, GPT-5.5, Gemini 3.1 Pro and Gemini 3.5 Flash using two established benchmarks that measure security performance in code generation. It was carried out by Ilya Kabanov of The Weather Report and funded by application security company Checkmarx, which said it did not design the tests or influence the conclusions.

The newest models solved coding tasks correctly 83% to 95% of the time, up from 44% to 61% for an earlier generation of systems. Yet the share of answers that were both functional and free of the intended security flaw was only 24% to 36%.

That left a wide gap between code that worked and code that could be shipped without the vulnerability each task was designed to expose. Roughly two-thirds to three-quarters of working outputs still contained the precise weakness they should have avoided.

Security gap

The benchmark design aimed to move beyond simple code snippets. One test, CyberSecEval, focused on security at the snippet level. The other, SusVibes, placed models inside open-source repositories built around real historical vulnerabilities to mimic how AI tools behave in a live codebase.

Because CyberSecEval had also been run on GPT-3.5 and GPT-4 in 2023, the research allowed a comparison across model generations rather than a single snapshot. The findings suggest coding performance has improved sharply while security performance has not kept pace.

The study also found that familiarity with known flaws did not stop models from reproducing them. This pattern appeared even when the vulnerabilities had been publicly documented before the models were trained.

There was also no simple link between coding accuracy and secure output. In one test, the model with the highest rate of correct code ranked lowest for security.

Knowing and doing

Kabanov's analysis points to an execution problem rather than a lack of security knowledge. Models could often identify the right defensive measure when asked directly, but still failed to apply it when writing the final code.

In several audited cases, a model spelled out the exact defence needed in its planning notes and then generated a vulnerable version anyway. That matters for organisations that assume better reasoning or larger models will automatically reduce security risk.

The study tested several interventions to see whether the gap could be narrowed. A simple prompt telling the model to follow security best practice improved results by only 1 to 8 percentage points on repository-based tasks.

Asking the system to reason harder did not improve security and halved the number of working solutions. Two more structured steps performed better: requiring a threat model before code generation lifted the share of secure and working outputs to 43% to 49%, while adding a dedicated security review afterwards increased that figure to 47% to 56%.

Even then, about half of tasks still produced insecure code. Those extra checks also came with computing costs four to five times higher than generating code alone.

A Checkmarx executive said the most notable finding was that models often appeared to understand what secure code required but still failed to produce it.

"The most striking thing in this research isn't that AI models make security mistakes, it's that they often know better and do it anyway," said Eran Kinsbruner, Vice President, Checkmarx. "We saw models correctly name the exact defence needed in their own threat model, then ship the vulnerable code regardless. That's not a knowledge gap, it's an execution gap, and it tells you these tools can't be left to secure themselves unchecked."

Indian context

The findings are likely to draw attention in India, where enterprises, global capability centres and IT services groups are rapidly adopting AI-assisted software development. The country plays a central role in writing and maintaining software for global clients, including systems that handle payments, health information and infrastructure operations.

That raises the stakes for internal review processes as AI-generated code moves further into production environments. Security teams may face added pressure because the apparent reliability of generated code can mask weaknesses that emerge only under closer examination.

The study also highlighted false-positive noise as an issue for defenders, a point that may resonate with Indian cyber teams already dealing with alert fatigue and limited specialist resources. In regulated sectors, the burden is not only technical but operational, especially where cyber resilience and data handling standards face closer scrutiny.

For companies using AI coding tools, the results suggest output quality and security quality are diverging rather than improving together. The highest secure-and-working score in the tests was 56%.