
RSAC 2026: Treat AI like a ‘junior developer’ to catch coding errors

How bad is AI at writing secure code? Only as bad as the humans whose code was used to train it, said OX Security VP of Research Eyal Paz and Security Researcher Nir Zadok in an RSAC 2026 track session Wednesday.

Paz and Zadok presented findings from both their own experiments with AI coding assistants and from real-world examples of human-created and AI-generated code from the open-source ecosystem.

Their assessments revealed several common patterns among code produced by AI models, such as heavy use of inline comments and monolithic architectures. Security-wise, they observed models consistently generating code with weaknesses such as path traversal, cross-site scripting (XSS), command injection, server-side request forgery (SSRF) and open redirects.

“None of them is adding the proper sanitization or any other way to avoid these kinds of vulnerabilities,” said Paz. “So, when you create an application out-of-the-box you also get the same kind of vulnerabilities regardless of the model and AI coding agent that you use.”

OX Security also saw similar results using prompt-to-app services such as Lovable, Base44 and bolt.new. Only Lovable detected the vulnerabilities in a pre-deployment scan, and only in two out of three scan attempts.

“Even when you tell it specifically what to use, it’s not a guaranteed success,” added Paz, who said providing specific security instructions and OWASP best practices worked with Lovable but only resulted in partial fixes by Base44 and bolt.new. Simply asking the services to create a secure application failed across the board.

Zadok went over four specific vulnerabilities in two open-source vibe-coded projects that the OX Security team discovered and reported – one in the DeepSeek OCR App by rdumasia303 and three in SaaS-Starter by UllrAI.

DeepSeek OCR App is an app that allows users to upload PDFs and images to be analyzed by DeepSeek’s Optical Character Recognition (OCR) model, with the output exported in formats such as markdown, HTML, DOCX and JSON. The project had more than 1,600 stars and nearly 300 forks on GitHub at the time of analysis.

OX Security found that the app was vulnerable to unauthenticated remote code execution through the upload of a specially crafted PDF document.

“When this file is uploaded to the application it gets propagated into the backend code of the application and can lead to commands being ran on the server hosting the application,” Zadok explained.

The latest version of DeepSeek OCR App remains vulnerable to this flaw, Zadok said.

SaaS-Starter by UllrAI (not to be confused with nextjs’ saas-starter) is another vibe-coded project that serves as a starter kit for developers to quickly launch their own software-as-a-service project with features such as authentication, payments and database operations. The project had more than 200 stars and 43 forks on GitHub at the time of analysis.

The three vulnerabilities were an open redirect, a client-side SSRF flaw and a server-side SSRF flaw, with the latter being found in a preproduction version of the code. The open redirect flaw could have caused users to be redirected to phishing sites, while the SSRF flaws could have exposed sensitive internal data and services, potentially leading to “severe consequences,” Zadok said.

All of these vulnerabilities were patched as of Jan. 29, 2026, and the developer has since added a security policy to the project.

While AI was found to frequently produce code with vulnerabilities, Paz noted that the vulnerabilities are “nothing new” and are the types of common vulnerabilities one would expect to see from a “junior developer.”

In fact, Paz said AI doesn’t create more vulnerabilities than humans – it just produces more code in general.

“It creates the exact same amount of vulnerabilities in proportion. Keep in mind that AI mimics the code that humans created in the last 20 years,” Paz said.

Paz further noted that AI is mostly trained from open-source code that is publicly available on the web, much of which is produced by less experienced developers. The real danger of AI-generated code is the speed and volume at which this amateurish, insecure code can be produced and deployed without proper vetting.

The speakers recommended organizations adopt AI coding at a gradual pace rather than adopting it rapidly or avoiding it altogether. This will give the organization a way to see what works and what doesn’t before fully implementing it across the organization. Importantly, they recommended the inclusion of highly specific security guidelines in prompts, telling the AI exactly what security mechanisms to use to avoid common pitfalls.

“We are not doomed. There is a responsible way to create code faster while still creating it in a secure way,” Paz concluded.

Photo: Eyal Paz and Nir Zadok of OX Security discuss the security of AI code at RSAC 2026. (Photo Credit: Laura French)
