I've been using Copilot and Claude to build my side projects. Productivity is through the roof. But here's what I found when I actually scanned the output:
Placeholder API keys that weren't placeholders
SQL queries with string concatenation (classic)
Hardcoded JWT secrets
Five dependency CVEs from packages AI suggested
An exposed token I'd committed and completely forgotten about
30 findings total. In code I wrote with AI assistance.
The pattern is consistent: AI generates functional code fast, but it doesn't think about security edge cases. It uses insecure defaults. It copies patterns from training data that include vulnerabilities.
I built a scanner that runs 9 engines at once and generates actual fixes. Not because I'm a security expert — because I needed something to check my own AI-assisted code.
If you ship fast with AI tools, scan your repo. You might be surprised what you find.
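As an added example (not the author's scanner, whose code is not on this page), here is a small Python check for three of the finding types listed above, run over a constructed code sample: a string-concatenated SQL query, a hardcoded JWT secret, and an API key that looks real sitting next to one that is clearly a placeholder. The rule names, regexes, thresholds and sample values are all assumptions of this example.

```python
import math
import re

# Constructed sample of the kind of AI-generated code the post describes
# (hypothetical values; none of these are real credentials).
SAMPLE = '''\
API_KEY = "your-api-key-here"
STRIPE_KEY = "k7Qz9pLm2Vb8Xc4Rt6Wy1Na3Hs5Jd0Fg"
JWT_SECRET = "supersecret123"
def get_user(db, name):
    return db.execute("SELECT * FROM users WHERE name = '" + name + "'")
def get_post(db, pid):
    return db.execute(f"SELECT * FROM posts WHERE id = {pid}")
def get_safe(db, name):
    return db.execute("SELECT * FROM users WHERE name = ?", (name,))
'''

# A string literal assigned to a credential-looking name.
ASSIGN = re.compile(r'^\s*(?P<name>[A-Za-z_]\w*)\s*=\s*["\'](?P<val>[^"\']*)["\']')
SECRET_NAME = re.compile(r'key|secret|token|password', re.I)
# Values that are obviously placeholders rather than real credentials.
PLACEHOLDER = re.compile(r'your|placeholder|example|changeme|xxx|<', re.I)
# A SQL statement literal joined to something with "+", or an f-string
# passed straight to execute()/query().
SQL_CONCAT = re.compile(
    r'(execute|query)\s*\(.*["\'].*\b(select|insert|update|delete)\b.*["\']\s*\+', re.I)
SQL_FSTRING = re.compile(r'(execute|query)\s*\(\s*f["\'].*\{', re.I)


def entropy(s):
    """Shannon entropy in bits per character; random-looking keys score high."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(s.count(c) / n * math.log2(s.count(c) / n) for c in set(s))


def scan_source(text):
    """Return (line_number, rule, line) for each finding in the given source."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = ASSIGN.match(line)
        if m and SECRET_NAME.search(m['name']) and not PLACEHOLDER.search(m['val']):
            if 'secret' in m['name'].lower() or 'jwt' in m['name'].lower():
                findings.append((lineno, 'hardcoded-secret', line.strip()))
            elif len(m['val']) >= 20 and entropy(m['val']) > 3.5:
                findings.append((lineno, 'hardcoded-key', line.strip()))
        if SQL_CONCAT.search(line) or SQL_FSTRING.search(line):
            findings.append((lineno, 'sql-string-concat', line.strip()))
    return findings
```

Calling `scan_source(SAMPLE)` flags lines 2, 3, 5 and 7 and leaves the placeholder key and the parameterized query alone; pointing it at your own files is a matter of passing their contents instead.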
Top comments (1)
It's very easy to use, fast and cheap debuggix.space