Why LLMs are plateauing – and what that means for software security (www.techradar.com)

Recent analysis has highlighted that while large language models (LLMs) have made remarkable advancements in generating functional code, they are falling short in terms of security. Only about 55% of the generated code is secure, with models frequently introducing common vulnerabilities, demonstrating a significant gap in security capabilities as reliance on AI for software development increases. The lack of emphasis on security during the training process—largely based on public code samples that include both secure and insecure examples—has resulted in models that do not effectively discern safe coding practices. Notably, security performance varies significantly across programming languages, with Java code generation proving particularly problematic, resulting in security pass rates below 30%. OpenAI’s reasoning-tuned GPT-5 models have shown better performance, achieving over 70% security in code generation by incorporating reasoning capabilities, which appear to lead to safer coding outcomes. The evolving practice of vibe coding—where developers trigger code generation without specifying security constraints—exacerbates these vulnerabilities, leaving critical decisions in the hands of LLMs. Experts warn that as organizations increasingly adopt AI-generated code, proactive measures, such as continuous security scanning and human oversight, are crucial to mitigate the inherent risks of trusting AI outputs without adequate safeguards.