Particle.news

AppSec Pushes Verification Upstream as AI Code Swells Reviews

Early automated checks inside developer tools aim to cut flawed AI code before review.

Overview

  • Security programs are moving checks into IDEs and CI pipelines, with governance on approved tools and data use to stop bad AI code before review.
  • Teams report more pull requests and larger changes, and analyses find unused code, hardcoded values, and higher‑risk bugs such as weak authentication in AI output.
  • Experiments show reviewers give AI‑generated pull requests less pushback when the code looks polished or repeats patterns, creating a blind spot.
  • Automated scans catch only part of AI mistakes, with studies citing roughly 20–25% detectable and many errors left unseen, so human review remains essential and triage should focus on real exposure.
  • Large firms responded by adding upstream automation, as Google invested in verification for LLM‑driven changes and Uber built a pre‑review system to ease reviewer load.