Report by Veracode
2025 GenAI Code Security Report
6 findings. Published Jul 30, 2025.
Key Findings
LLMs failed to secure code against cross-site scripting (CWE-80) in 86% of cases.
AI-generated code introduces security vulnerabilities in 45% of cases.
When given a choice between a secure and insecure method to write code, GenAI models chose the insecure option 45% of the time.
In 45% of all test cases, LLMs introduced vulnerabilities classified within the OWASP Top 10.
Java was found to be the riskiest language for AI code generation, with a security failure rate over 70%. Other major languages, such as Python, C#, and JavaScript, presented significant risk, with failure rates between 38 percent and 45 percent.
LLMs failed to secure code against log injection (CWE-117) in 88% of cases.