Your AI-Generated Code Isn't Secure — Here's What We Find Every Time

Veracode tested 150+ AI models and found 45% of generated code introduces OWASP Top 10 vulnerabilities. The failure rate for cross-site scripting defences is 86% — and it isn't improving with newer models. Here's what that looks like inside a real codebase, what you can check yourself in 30 minutes, and what the UK's National Cyber Security Centre is now saying about it.




If you built something with Lovable, Bolt.new, Cursor, Replit, or v0 — and it's live, or about to be — six specific securi