
Security Weaknesses of Code Generated by Generative AI

  • Saurabh Suresh
  • Chuadhry Mujeeb Ahmed
  • Naveed ul Hassan
  • Mohamed Amine Ferrag
  • Merouane Abdelkader Debbah
    • Newcastle University
    • Lahore University of Management Sciences

    Research output: Chapter in Book/Report/Conference proceeding › Chapter › peer-review

    Abstract

    In this work, we investigate the security vulnerabilities in code snippets generated by Generative AI, specifically analyzing six diverse applications. The study aims to uncover potential risks and weaknesses that may need to be noticed by beginner programmers who utilize such AI-driven tools. The selected programs are examined for vulnerabilities like hardcoded credentials, insecure file uploads, code injection, and other related flaws. A comparative analysis was conducted between two well-known generative models, OpenAI’s ChatGPT and Google’s Bard. The findings reveal critical insights into the nature of common vulnerabilities and the necessity for improved security practices. Recommendations are made to enhance the generated code’s robustness and equip beginner programmers with knowledge and tools to mitigate potential risks. The research contributes new knowledge to the field of AI-generated code security and emphasizes the importance of security education and awareness among novice developers who are dependent on generative AI for code generation.

    Original language: British English
    Title of host publication: Adversarial Example Detection and Mitigation Using Machine Learning
    Publisher: Springer Nature
    Pages: 79-98
    Number of pages: 20
    ISBN (Electronic): 9783031994470
    ISBN (Print): 9783031994463
    State: Published - 1 Jan 2026

    Keywords

    • Code security
    • Generative AI
