AI models can’t fully understand security – and they never will (www.techradar.com)

Recent research by Veracode has revealed that large language models (LLMs) can select secure code only 55% of the time, raising serious concerns about their reliability in software development. The study highlights a critical gap in LLMs’ understanding of cybersecurity—while these models effectively predict coding syntax, they lack the ability to comprehend nuances such as risk and security, largely due to limitations in their memory and context awareness. This deficiency means they often produce code that appears correct but conceals subtle vulnerabilities, primarily because they’re trained on data that mixes secure and insecure patterns without differentiation. As AI-assisted coding gains traction, developers must remember that LLMs should be used as productivity tools rather than replacements for human expertise. There is an urgent need for secure-by-default approaches that incorporate real-time static analysis and enforce coding policies to mitigate the risks posed by AI-generated code. Organizations are encouraged to provide tailored training to help developers navigate the complexities of LLMs, including recognizing potential security pitfalls and understanding when it is inappropriate to rely on AI, especially in high-stakes scenarios. Without proper safeguards and human oversight, the rapid advancement of AI could inadvertently lead to an increase in cyber vulnerabilities.