
AI Coding Agents Introduce Security Vulnerabilities in Production Software
A report by DryRun Security reveals that AI coding agents, including those from Anthropic, OpenAI, and Google, are introducing security vulnerabilities at a high rate in production software. These agents, such as Claude Code, OpenAI Codex, and Google Gemini, are used by development teams to write code but frequently omit critical security components. The findings highlight that AI-generated code repeats decade-old security mistakes despite producing functional software rapidly. The report does not specify exact vulnerability types or CVE IDs but emphasizes systemic security oversights in AI-assisted development. DryRun Security's CEO, James Wickett, noted that security is not a default consideration for these agents.