AI Can Code Faster Than Humans, But Speed Comes With Far-Reaching Risks

Authored by Autumn Spredemann via The Epoch Times,

Artificial intelligence-generated code has become a daily fixture for developers across the technological spectrum. These digital tools have made writing lengthy code much easier. However, experts say this trade-off comes with new security risks and a continued need for human oversight.

Developers say artificial intelligence (AI) slashes a lot of the grunt work in writing code, but seasoned developers are spotting flaws at an alarming rate.

The security testing company Veracode published research in July—gathered from more than 100 large language model (LLM) AI tools—that showed while AI generates working code at astonishing speed, it’s also rife with cyberattack potential.

The report noted 45 percent of code samples failed security tests and introduced vulnerabilities outlined by the cybersecurity nonprofit, the Open Worldwide Application Security Project.

Veracode researchers called the study’s findings a “wake-up call for developers, security leaders, and anyone relying on AI to move faster.”

Some experts say the high number of security flaws isn’t shocking given AI’s current limitations with coding.

“I’m surprised the percentage isn’t higher. AI-generated code, even when it works, tends to have a lot of logical flaws that simply reflect a lack of context and thoughtfulness,” Kirk Sigmon, programmer and partner at intellectual property law firm Banner Witcoff, told The Epoch Times.

Cybersecurity researcher and former mission operator for the Iris Lunar Rover, Harshvardhan Chunawala, compared AI code writing to home building. He said it’s like having AI draft a quick blueprint for a house, but the blueprint might include doors that don’t lock, windows that don’t fit, or wiring that’s unsafe.

And with AI’s advance into critical digital infrastructure, he said the system isn’t just making “blueprints” anymore, but ordering materials and beginning construction before a foundation inspection has taken place.

“A human architect still has to check every detail before the ‘house’ is safe to live in,” Chunawala said.

Sigmon has extensive coding experience with AI and its subset, machine learning. He used a recent example to highlight the limitations of AI-generated code.

“I was helping a friend program a space-themed website one night, and I tried to see if an LLM could give me some quick and easy code for CSS3-friendly panoramic stars for the website background,” he said.

Sigmon noted the results were underwhelming and demonstrated AI’s current limitations.

“The model’s output did indeed comprise code that tried to generate stars, but it lumped all of them in the upper-right corner of the browser and, instead of making them twinkle nicely, made them strobe like some sort of impromptu rave,” he said.

“It knew to draw stars in a background and knew they should twinkle, but had no bigger-picture context on why I’d want that, much less how it could look aesthetically pleasing.”

Sigmon said AI-generated code is also creating lazy habits that will have an impact on the industry’s future.

“Code quality has gotten way, way worse overall. One of the more concerning issues is on the academic side. If students can use AI models to generate their homework projects, then they don’t tend to learn good coding practices,” he said.

Hallucinating Code

Sigmon said he learned to code the way many old-school programmers did: through trial and error.

“The ready availability of lazy, AI-generated code means that new graduates are entering the workforce and also generating bad [or] unreliable code, which means that lots of programs are simply becoming worse,” he said.

Consequently, many modern codebases are largely incomprehensible or not very useful anymore, according to Sigmon.

“I used to be able to pick up any other coder’s work and roughly understand their intent … Nowadays, lots of it just gives me a crippling headache,” he said.

A person holds a telephone displaying OpenAI’s ChatGPT artificial intelligence logo in Brittany, France, on Feb. 26, 2025. Vincent Feuray/Hans Lucas/AFP via Getty Images

A fellow coder and former web content manager who asked only to be referred to by his first name, James, agreed with Sigmon.

“You need to be really careful with your edits. You just can’t trust AI code,” James told The Epoch Times. He said coders need to be careful because the more complex a project gets, the worse AI’s “hallucinations” will be.

When AI perceives a pattern or object that either doesn’t exist or is imperceptible to human observers, it can create outputs that are either illogical or just plain wrong. This pattern is often referred to as a “hallucination,” and James said it can be an infuriating part of dealing with AI-generated code.

“You can get pretty far down the line [in code] before realizing there’s a mistake and AI was just hallucinating,” he said.

AI hallucinations have already made headlines for the problems they can create in the workplace. A 2024 study observed LLMs had a “hallucination” rate between 69 percent and 88 percent, based on responses to specific legal queries.

Stanford RegLab and the Institute for Human-Centered AI researchers found that LLM performance “deteriorates when dealing with more complex tasks that require a nuanced understanding of legal issues or interpretation of legal texts.”

In a recent side-by-side comparison of some of the largest LLM products—Claude, Gemini, and ChatGPT—Claude was found to have the lowest “hallucination” rate, at around 17 percent.

Throwing another wrench into the equation, James said AI sometimes doubles down on its mistakes, or even defends them.

“This happened while I was developing a role-playing combat app. What I wanted was just to grab the name from the first file, and it [AI] kept losing that, and it kept trying to take other data from the same file,” James said.

When James pointed out the mistake, he said the AI tool “refused to let it go.” It’s an issue he’s encountered with several different AI tools in the LLM category.

Changing the Vibe

Chunawala said AI has been a game-changer for code writing.

“The single biggest change for us computer scientists has been speed. Where developers once spent hours setting up the skeleton of a program or writing repetitive test cases, AI can now draft those in minutes,” Chunawala told The Epoch Times.

However, he said this newfound speed comes with a significant challenge: trust.

“AI often generates code that looks flawless at first glance, yet when you examine it closely, you discover gaps in logic, outdated methods, or subtle flaws that can compromise security,” Chunawala said.

Cybersecurity expert Nick Nikiforakis told The Epoch Times that AI is good at writing “boilerplate” code.

“It is not difficult to write; it is repetitive, and yet it is something that is required. AI excels in producing that kind of code, which can be used with minimal modifications, assuming the prompt included all the right specifications,” Nikiforakis said.

He believes the verdict is still out on whether the average developer can create code with fewer bugs than its AI-generated counterpart. That said, Nikiforakis thinks “vibe coding” could create a dangerous scenario.

Coined by AI researcher Andrej Karpathy, “vibe coding” is a software development method that uses LLM tools to generate code from natural language prompts, with the developer focusing on goals, feedback, and experimentation versus reviewing or editing the AI code itself.

Vibe coding has become synonymous with the idea that a human developer can just trust AI to get it right while staying focused on the bigger picture.

Nikiforakis says that’s problematic.

“If you have people who don’t write software for a living, and never dreamed of trying before AI, then their only gauge on whether a piece of software is good is its functionality,” he said.

“Unfortunately, this is a case of ‘you don’t know what you don’t know,’ and therefore these users would not be able to recognize a vulnerability that finds its way into their production software.”

Undated file photo showing a “virus” warning and binary codes on a computer screen. Peter Byrne/PA

Nikiforakis said if vibe-coded software becomes popular, it’ll be a “recipe for disaster.”

Chunawala said AI code should be taken seriously from a security standpoint.

“Research has shown that roughly 40 to 45 percent of AI-generated applications contain vulnerabilities. In other words, almost half of the software created with AI could give attackers an opening,” he said.

Chunawala emphasized that these security vulnerabilities are not abstract. He called them “very real risks” and gave examples such as failing to sanitize user input, which can allow malicious commands to sneak in.

Another security risk with AI-generated code is the reliance on outdated “libraries” that hackers already know how to exploit.

“This happens because AI is trained on vast amounts of public code, and much of that public code already contains mistakes,” Chunawala said.

“The model doesn’t distinguish between best practice and bad practice; it reproduces both. Without thorough human review and guardrails, these weak spots go straight into production systems,” he added.

But therein lies another problem: Human coders and software developers are losing jobs to AI at an accelerating pace.

Research from the Federal Reserve of St. Louis indicates job postings for software developers have been declining since 2022.

James is part of the tech workforce that has been struggling to find steady work since he was laid off with the rest of his department in February. When he looked for jobs four years ago, James said employers were practically “throwing money” at him.

Now, he said, the job market is flooded with talented developers looking for work.

“Part of it is the efficiency of AI. We can do what we did before, but we can do it much faster. You don’t need extra people. Maybe you used to need two or three developers, but now you only need one,” James said, emphasizing that competition for jobs in his field is “through the roof.”

“In an ideal world, you would need a team to review anything AI builds. But these decisions aren’t typically made by the people who understand the technology,” he said.

Tyler Durden
Mon, 09/15/2025 – 18:00
