Ana

I ve been using a lot of AI-generated code lately, and while it definitely speeds things up, security feels like a weak spot.

I ve run into issues like missing auth, exposed endpoints, and weak configs stuff that AI doesn t really flag unless you explicitly ask.

Curious how others are handling this:

• Do you rely more on manual reviews or tools?

• Any workflows that consistently catch vulnerabilities?

• Have you faced any real incidents because of AI-generated code?

After using a lot of AI-generated code lately, I've found myself spending a lot of hours on checking and repairing a lot of easy-to-spot security flaws. That being said, AI generally sucks at actually implementing secure code (or architectures), as well as recommending what to do to make your app more secure (sometimes even decently secure).

Have you had this problem as well? If yes, how do you tackle it?