# Audit: AI-generated code has fewer security vulnerabilities than typical human-written code - **Generated**: 2026-03-29 - **Reader summary**: [proof.md](proof.md) - **Proof script**: [proof.py](proof.py) ## Claim Specification | Field | Value | |-------|-------| | Subject | AI-generated code (from major LLMs such as GPT-4, Claude, Copilot, DeepSeek) | | Property | security vulnerability rate compared to human-written code | | Operator | >= (applied to source count for disproof) | | Operator Note | To DISPROVE the claim, we need >= 3 independent, verified sources showing AI-generated code has EQUAL OR MORE vulnerabilities than human-written code. 'Fewer' is interpreted as a strict inequality: if AI code has the same or more vulnerabilities, the claim is false. We use proof_direction='disprove' with threshold=3, meaning 3+ verified sources rejecting the claim suffices for DISPROVED. | | Threshold | 3 | | Proof Direction | disprove | *Source: proof.py JSON summary* ## Fact Registry | ID | Key | Label | |----|-----|-------| | B1 | source_stanford | Stanford CCS 2023: AI assistant users wrote significantly less secure code | | B2 | source_veracode | Veracode 2025: 45% of AI code contains OWASP vulnerabilities | | B3 | source_coderabbit | CodeRabbit Dec 2025: AI PRs have 1.7x more issues, security up to 2.74x higher | | B4 | source_register | The Register/Georgia Tech 2026: 74 CVEs from AI-authored code tracked | | A1 | — | Verified source count rejecting the claim | *Source: proof.py JSON summary* ## Full Evidence Table ### Type A (Computed) Facts | ID | Fact | Method | Result | |----|------|--------|--------| | A1 | Verified source count rejecting the claim | count(verified citations) = 4 | 4 | ### Type B (Empirical) Facts | ID | Fact | Source | URL | Quote | Status | Method | Credibility | |----|------|--------|-----|-------|--------|--------|-------------| | B1 | Stanford CCS 2023: AI assistant users wrote significantly less secure code | Perry et al., ACM CCS 2023 (Stanford University) | https://arxiv.org/html/2211.03622v3 | "Overall, we find that participants who had access to an AI assistant wrote significantly less secure code than those without access to an assistant." | verified | full_quote | Tier 4 (academic) | | B2 | Veracode 2025: 45% of AI code contains OWASP vulnerabilities | Help Net Security / Veracode 2025 GenAI Code Security Report | https://www.helpnetsecurity.com/2025/08/07/create-ai-code-security-risks/ | "in 45 percent of all test cases, LLMs produced code containing vulnerabilities aligned with the OWASP Top 10" | verified | full_quote | Tier 2 (unknown) | | B3 | CodeRabbit Dec 2025: AI PRs have 1.7x more issues, security up to 2.74x higher | CodeRabbit State of AI vs Human Code Generation Report (Dec 2025) | https://www.coderabbit.ai/blog/state-of-ai-vs-human-code-generation-report | "Security issues were up to 2.74x higher" | verified | full_quote | Tier 2 (unknown) | | B4 | The Register/Georgia Tech 2026: 74 CVEs from AI-authored code tracked | The Register / Georgia Tech SSLab (Mar 2026) | https://www.theregister.com/2026/03/26/ai_coding_assistant_not_more_secure/ | "Claude Code alone now appears in more than 4 percent of public commits on GitHub. If AI were truly responsible for only 74 out of 50,000 public vulnerabilities, that would imply AI-generated code is orders of magnitude safer than human-written code. We do not think that is credible." | partial | aggressive_normalization (fragment_match, 8 words) | Tier 2 (unknown) | *Source: proof.py JSON summary* ## Citation Verification Details **B1 (source_stanford)** - Status: verified - Method: full_quote - Fetch mode: live **B2 (source_veracode)** - Status: verified - Method: full_quote - Fetch mode: live **B3 (source_coderabbit)** - Status: verified - Method: full_quote - Fetch mode: live **B4 (source_register)** - Status: partial - Method: aggressive_normalization (fragment_match, 8 words) - Fetch mode: live - Impact: B4 provides corroborating CVE tracking data. The disproof does not depend solely on this source — B1, B2, and B3 are fully verified and independently establish the disproof with 3 sources meeting the threshold. (Source: author analysis) *Source: proof.py JSON summary (status, method, fetch_mode); impact analysis is author analysis* ## Computation Traces ``` Confirmed sources rejecting the claim: 4 / 4 verified source count vs threshold: 4 >= 3 = True ``` *Source: proof.py inline output (execution trace)* ## Independent Source Agreement (Rule 6) | Aspect | Detail | |--------|--------| | Sources consulted | 4 | | Sources verified | 4 (3 fully verified, 1 partial) | | source_stanford | verified | | source_veracode | verified | | source_coderabbit | verified | | source_register | partial | **Independence note**: Sources are from independent institutions using different methodologies: (1) Stanford — controlled user study with 47 participants, (2) Veracode — automated testing of 100+ LLMs across 80 tasks, (3) CodeRabbit — analysis of 470 real-world GitHub PRs, (4) Georgia Tech — CVE tracking across open-source ecosystem. No two sources share methodology or data. *Source: proof.py JSON summary* ## Adversarial Checks (Rule 5) **Check 1: Are there any peer-reviewed studies showing AI-generated code has FEWER vulnerabilities than human code?** - Verification performed: Searched: 'AI generated code more secure than human code evidence study 2025 2026'. Reviewed top 10 results from Google. No study found that concludes AI-generated code is more secure overall. All results either show AI code has more vulnerabilities or discuss the security risks of AI-generated code. - Finding: No peer-reviewed study found showing AI-generated code has fewer vulnerabilities. The Veracode Spring 2026 update title explicitly states: 'Despite Claims, AI Models Are Still Failing Security.' The Register's March 2026 article is titled: 'Using AI to code does not mean your code is more secure.' - Breaks proof: No **Check 2: Could AI code be safer in specific narrow contexts even if worse overall?** - Verification performed: Searched for domain-specific studies where AI might outperform humans on security. Some sources note that AI models are improving at syntax correctness (50% to 95% since 2023), but Veracode found security pass rates have remained flat at 45-55% regardless of model generation. No narrow domain was identified where AI code is demonstrably safer. - Finding: While AI coding accuracy has improved, security-specific performance has not. The claim is stated broadly ('AI-generated code'), not for a specific narrow domain, so the broad evidence applies. - Breaks proof: No **Check 3: Do the studies use outdated AI models that no longer reflect current capabilities?** - Verification performed: Checked recency of sources: Stanford study used Codex (2023), Veracode tested 100+ LLMs including current models (2025), CodeRabbit analyzed real-world GitHub PRs (Dec 2025), Georgia Tech tracked CVEs through March 2026. The most recent sources (2025-2026) test current-generation models and still find elevated vulnerability rates. - Finding: Sources span 2023-2026, with the most recent using current models. The pattern of AI code having more vulnerabilities is consistent across model generations. This does not break the proof. - Breaks proof: No *Source: proof.py JSON summary* ## Source Credibility Assessment | Fact ID | Domain | Type | Tier | Note | |---------|--------|------|------|------| | B1 | arxiv.org | academic | 4 | Known academic/scholarly publisher | | B2 | helpnetsecurity.com | unknown | 2 | Unclassified domain — verify source authority manually. Reports findings from Veracode, a major application security company. | | B3 | coderabbit.ai | unknown | 2 | Unclassified domain — verify source authority manually. CodeRabbit is an AI code review platform; report is their own research. | | B4 | theregister.com | unknown | 2 | Unclassified domain — verify source authority manually. The Register is a well-established tech news outlet (founded 1994); article reports Georgia Tech SSLab research. | Note: 3 citations come from tier-2 (unclassified) domains. However: (a) Help Net Security reports Veracode's peer-reviewed research, (b) CodeRabbit's report uses their own platform data from 470 PRs, and (c) The Register reports Georgia Tech academic research. The tier-4 academic source (B1) independently confirms the overall finding. The disproof does not depend on any single tier-2 source. *Source: proof.py JSON summary (credibility data); tier analysis is author analysis* ## Extraction Records For this qualitative consensus proof, extractions record citation verification status rather than numeric values. | Fact ID | Value (Status) | Countable | Quote Snippet | |---------|---------------|-----------|---------------| | B1 | verified | Yes | "Overall, we find that participants who had access to an AI assistant wrote signi..." | | B2 | verified | Yes | "in 45 percent of all test cases, LLMs produced code containing vulnerabilities a..." | | B3 | verified | Yes | "Security issues were up to 2.74x higher" | | B4 | partial | Yes | "Claude Code alone now appears in more than 4 percent of public commits on GitHub..." | *Source: proof.py JSON summary* ## Hardening Checklist | Rule | Status | Detail | |------|--------|--------| | Rule 1: No hand-typed values | N/A | Qualitative consensus proof — no numeric extraction | | Rule 2: Citations verified by fetching | Pass | All 4 citations fetched live; 3 fully verified, 1 partial | | Rule 3: System time anchored | Pass | `date.today()` used for generation date | | Rule 4: Explicit claim interpretation | Pass | CLAIM_FORMAL with operator_note documenting disproof strategy | | Rule 5: Adversarial checks | Pass | 3 adversarial checks searching for supporting evidence; none found | | Rule 6: Independent cross-checks | Pass | 4 sources from independent institutions with different methodologies | | Rule 7: No hard-coded constants | N/A | Qualitative proof — no formulas or constants | | validate_proof.py | PASS with warnings | 14/15 checks passed, 0 issues, 1 warning (no else branch in verdict assignment) | *Source: author analysis* --- Generated by [proof-engine](https://github.com/yaniv-golan/proof-engine) v1.2.0 on 2026-03-29.