Security Degradation in Iterative AI Code Generation (arxiv.org)

Researchers systematically evaluated how security evolves when LLMs iteratively refine code and found a surprising degradation: using a controlled experiment of 400 code samples run through 40 rounds of “improvements” with four distinct prompting strategies, the authors report a 37.6% increase in critical vulnerabilities after only five iterations. Different prompting approaches produced distinct vulnerability patterns, contradicting the common assumption that repeated LLM refinement necessarily makes code safer. The study frames this effect as a paradox where successive “improvements” introduce new security weaknesses even as functional or stylistic metrics may appear to improve. This result matters for practitioners and researchers relying on LLMs for coding, refactoring, or automated CI workflows: iterative, unchecked model-driven edits can amplify risk unless security checks and human expertise are explicitly integrated. Key technical implications include the need to evaluate models on security-sensitive metrics (not just correctness), incorporate static/dynamic analysis and vulnerability scanners between iterations, and enforce robust human validation gates. The paper offers practical guidelines to mitigate these risks and signals that prompt engineering, model evaluation, and human-in-the-loop design must prioritize security to avoid paradoxical regressions in AI-assisted software development.