Is AI-Generated Code Secure?

Published: 2026-01-22. Last Updated: 2026-01-22 08:31:30 UTC
by Xavier Mertens (Version: 1)

The title of this diary is perhaps a bit catchy, but the question is important. I don’t consider myself a good developer. That’s not my day job, and I’m writing code to improve my daily tasks. I like to say “I’m writing sh*ty code! It works for me, no warranty that it will work for you”. Today, most of my code (the skeleton of the program) is generated by AI, probably like most of you.

My daily morning routine is to follow RSS feeds and news, and today I spotted an interesting tool called “Bandit”[1]. It’s a tool designed to find common security issues in Python code. Because I’m mainly writing Python code, it made me curious to test it.

I regularly use a Python script that was 99% generated by AI. I just made some adjustments, but all the core features have been generated. This script was a good candidate to be analyzed by Bandit because:

  • It has a decent size (1500 lines)
  • It uses many dependencies (Python libraries)
  • It is multi-threaded for performance
  • It collects data from online resources (network interactions)

Bandit is super easy to use. First, download the Docker image (good to know: images are signed!):

docker pull ghcr.io/pycqa/bandit/bandit

Now, scan your code:

docker run -it --rm -v "$(pwd)":/data ghcr.io/pycqa/bandit/bandit --severity-level all -v /data/myscript.py

Here are the scan results for my script:

Total issues (by severity):
    Undefined: 0
    Low: 13
    Medium: 1
    High: 0
Total issues (by confidence):
    Undefined: 0
    Low: 0
    Medium: 0
    High: 14

The following table shows what has been spotted in the code (I grouped them):

| Issue | Severity | Confidence | Reference | Occurrences |
|---|---|---|---|---|
| Consider possible security implications associated with the subprocess module | Low | High | https://cwe.mitre.org/data/definitions/78.html | 1 |
| Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called | Medium | High | https://cwe.mitre.org/data/definitions/20.html | 2 |
| subprocess call - check for execution of untrusted input | Low | High | https://cwe.mitre.org/data/definitions/78.html | 3 |
| Standard pseudo-random generators are not suitable for security/cryptographic purposes | Low | High | https://cwe.mitre.org/data/definitions/330.html | 1 |
| Try, Except, Pass detected | Low | High | https://cwe.mitre.org/data/definitions/703.html | 7 |

Like any vulnerability scan, results must be interpreted and put back in the context of the environment where the code is executed. In my case, the script is running internally with a trusted set of (XML) data, so I consider the results as "good". Now, if your application is facing the Internet and publicly available, that's another story!
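To get a grouped view like the table above without counting by hand, the following sketch collapses a Bandit JSON report into one row per check and lists the rows at or above a chosen severity. It is an added example, not the diary author's script or Bandit's own code; it assumes the report was produced by adding "-f json" to the scan command and uses the field names of Bandit's JSON formatter, and the sample report embedded in it is constructed.

```python
import json
from collections import defaultdict

# Severities not listed here rank first, so they are never silently dropped.
SEVERITY_RANK = {"HIGH": 0, "MEDIUM": 1, "LOW": 2, "UNDEFINED": 3}

def _finding(test_id, severity, cwe, line):
    # Builds one constructed result, trimmed to the fields used below.
    return {"test_id": test_id, "issue_severity": severity,
            "issue_confidence": "HIGH", "line_number": line,
            "issue_cwe": {"id": cwe,
                          "link": f"https://cwe.mitre.org/data/definitions/{cwe}.html"}}

# Constructed sample report (not the real scan output from the diary).
SAMPLE_REPORT = json.dumps({"results": [
    _finding("B404", "LOW", 78, 5), _finding("B110", "LOW", 703, 61),
    _finding("B603", "LOW", 78, 97), _finding("B311", "LOW", 330, 140),
    _finding("B314", "MEDIUM", 20, 210), _finding("B110", "LOW", 703, 300),
    _finding("B314", "MEDIUM", 20, 388), _finding("B110", "LOW", 703, 455),
]})

def group_findings(report_json):
    """Collapse per-line results into one row per check, worst severity first."""
    grouped = defaultdict(list)
    for result in json.loads(report_json).get("results", []):
        cwe = (result.get("issue_cwe") or {}).get("id")
        key = (result["test_id"], result["issue_severity"],
               result["issue_confidence"], cwe)
        grouped[key].append(result["line_number"])
    rows = [{"test_id": t, "severity": s, "confidence": c, "cwe": w,
             "occurrences": len(lines), "lines": sorted(lines)}
            for (t, s, c, w), lines in grouped.items()]
    rows.sort(key=lambda r: (SEVERITY_RANK.get(r["severity"], -1),
                             -r["occurrences"], r["test_id"]))
    return rows

def needs_review(rows, floor="MEDIUM"):
    """Rows at or above the chosen severity floor (unknown levels included)."""
    return [r for r in rows
            if SEVERITY_RANK.get(r["severity"], -1) <= SEVERITY_RANK[floor]]

if __name__ == "__main__":
    for row in group_findings(SAMPLE_REPORT):
        print("{test_id:5} {severity:7} {confidence:5} CWE-{cwe!s:<4} "
              "x{occurrences} lines={lines}".format(**row))
```

The line numbers kept in each row make it quick to open the flagged code and decide, for the environment the script runs in, whether a finding matters.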

If you are curious about the tests performed by Bandit, the list of plugins is available in the documentation[2].

Conclusion: the AI-generated script doesn't look too bad. Tip: when writing your prompt to generate the initial code, don't forget to mention that "security is very important", like:

Generate production-quality Python code with a security-first approach.
Requirements:
- Treat all external input as untrusted
- Validate input types, length, and format
- Sanitize strings (e.g., for file paths, URLs, commands, JSON, CSV)
- Use explicit allow-lists where possible
- Handle errors with clear exceptions (no silent failures)
- Avoid dangerous functions (eval, exec, os.system, shell=True)
- Prevent command injection, path traversal, and deserialization issues
- Use safe libraries and best practices
- Include input validation helpers if needed

[1] https://github.com/PyCQA/bandit
[2] https://bandit.readthedocs.io/en/latest/plugins/index.html

Xavier Mertens (@xme)
Xameco
Senior ISC Handler - Freelance Cyber Security Consultant