Report by Veracode

2025 GenAI Code Security Report

6 findings. Published Jul 30, 2025

Key Findings

LLMs failed to secure code against cross-site scripting (CWE-80) in 86% of cases.


AI-generated code introduces security vulnerabilities in 45% of cases.


When given a choice between a secure and insecure method to write code, GenAI models chose the insecure option 45% of the time.


In 45% of all test cases, LLMs introduced vulnerabilities classified within the OWASP Top 10.


Java was found to be the riskiest language for AI code generation, with a security failure rate over 70%. Other major languages, such as Python, C#, and JavaScript, presented significant risk, with failure rates between 38 percent and 45 percent.


LLMs failed to secure code against log injection (CWE-117) in 88% of cases.
