RECENT STORIES:

Addressing digital sovereignty in a data-driven world
MM Art Indices Found Global Art Market Shows Signs of Synchronized Rec...
EQT Consortium Raises Tender Offer Price for Kakaku.com to JPY 3,450 P...
Cheche Group Announces 35-for-1 Share Consolidation
Asia Pacific Enterprise Awards (APEA) 2026 Regional Edition Forges Leg...
Longbridge Unveils the World’s First AI-Native Investing Platfor...
LOGIN REGISTER
DigiconAsia
  • Features
    • Featured

      Creating value with AI upskilling

      Creating value with AI upskilling

      Wednesday, July 1, 2026, 3:55 PM Asia/Singapore | Features
    • Featured

      Sovereign AI – a competitive advantage

      Sovereign AI – a competitive advantage

      Wednesday, June 24, 2026, 10:01 AM Asia/Singapore | Features
    • Featured

      Deployment outpacing validation in digital experience

      Deployment outpacing validation in digital experience

      Friday, June 12, 2026, 9:26 AM Asia/Singapore | Features
  • News
    • Featured

      Study finds social platforms are still driving traffic to nonconsensual deepfake nudify sites

      Study finds social platforms are still driving traffic to nonconsensual deepfake nudify sites

      Thursday, July 16, 2026, 2:09 PM Asia/Singapore | News
    • Featured

      The Universe’s mysteries may be our biggest blind spot: dark matter research

      The Universe’s mysteries may be our biggest blind spot: dark matter research

      Wednesday, July 15, 2026, 3:24 PM Asia/Singapore | News, Newsletter
    • Featured

      Ninja Van Malaysia streamlines warehouse workflows to reduce logistics inefficiencies

      Ninja Van Malaysia streamlines warehouse workflows to reduce logistics inefficiencies

      Tuesday, July 14, 2026, 3:46 PM Asia/Singapore | News, Newsletter
  • Perspectives
  • Tips & Strategies
  • Whitepapers
  • Directory
  • E-Learning

Select Page

News

AI coding tools introduce security flaws in 87% of pull requests: report

By DigiconAsia Editors | Friday, March 13, 2026, 10:40 AM Asia/Singapore

AI coding tools introduce security flaws in 87% of pull requests: report

Recent research tested leading agents building full apps, uncovering 143 vulnerabilities such as improper token handling across models.

In a report on coding security released on 11 March 11, 2026, an “AI-native” cybersecurity firm has claimed to discover significant security shortcomings in leading AI coding tools.

DryRun Security, an Austin, Texas-based firm, had tested Anthropic’s Claude, OpenAI’s Codex, and Google’s Gemini, by tasking them with developing two full applications — a family allergy tracker web app and a browser racing game —via sequential pull requests mimicking real engineering workflows.

Across 38 scans, 143 vulnerabilities surfaced, with 87% of pull requests introducing at least one flaw, according to a report in Yahoo news:

  • Claude had generated the most unresolved high-severity issues in the final codebases
  • Codex showed the strongest remediation, fixing more problems iteratively and ending with the fewest critical vulnerabilities
  • Gemini had placed between them, addressing some early flaws in later changes but still leaving multiple severe risks
  • None of the coding agents produced a secure product, as all overlooked key protections
  • The AI coding agents generated functional software quickly, but security was not built into their processes, and the bots often skipped essential features or botched authentication logic
  • Common failures spanned all models, including improper JSON Web Token handling, no defenses against brute-force attacks, susceptibility to token replay exploits, and weak refresh token cookie settings.
  • Authentication safeguards, when created for REST APIs, were inconsistently applied to WebSocket endpoints, exposing app segments.

These results amplify enterprise ongoing worries about AI-assisted coding. A February 2026 study had found over 25% of AI-generated code contained OWASP Top 10 vulnerabilities, but DryRun’s recent work uniquely tracks flaws compounding over full development cycles.

As software development teams speed up them projects via agents, ongoing scans during workflows—not just end-stage reviews — are vital to curb risk buildup and technical debt, according to industry observers.

Share:

PreviousCGTN AMERICA & CCTV UN: China in Springtime: China’s Development Opportunities for the World
NextIoT trends APAC enterprises cannot ignore in 2026

Related Posts

How to read survey reports with a critical mind

How to read survey reports with a critical mind

August 13, 2024

Can India become the world’s Drones-as-a-Service hub?

Can India become the world’s Drones-as-a-Service hub?

September 20, 2021

APAC e-shoppers need not crave travelling to Italy to buy luxury goods

APAC e-shoppers need not crave travelling to Italy to buy luxury goods

July 28, 2020

Help! My company’s AI investments are not bearing fruit…

Help! My company’s AI investments are not bearing fruit…

July 6, 2021

Leave a reply Cancel reply

You must be logged in to post a comment.

Awards Nomination Banner

gamification list

PARTICIPATE NOW

top placement

Whitepapers

  • Achieve Modernization Without the Complexity

    Achieve Modernization Without the Complexity

    Transforming IT infrastructure is crucial …Download Whitepaper
  • 5 Steps to Boost IT Infrastructure Reliability

    5 Steps to Boost IT Infrastructure Reliability

    In today's fast-evolving tech landscape, …Download Whitepaper
  • Simplify Payroll Setup for Your Small Business

    Simplify Payroll Setup for Your Small Business

    In our free guide, "How …Download Whitepaper
  • Overcoming the Challenges of Cost & Complexity in the Cloud-first Era.

    Overcoming the Challenges of Cost & Complexity in the Cloud-first Era.

    Download Whitepaper

Middle Placement

Case Studies

  •  Xiaomi streamlines global payments across 18 markets

     Xiaomi streamlines global payments across 18 markets

    Continual digital transformation has reduced …Read More
  • The 48-hour lifeline: How the IRC rewrote the rules for crisis care

    The 48-hour lifeline: How the IRC rewrote the rules for crisis care

    In a world where crises …Read More
  • CALB upgrades data platform to support analytics, security, and battery lifecycle tracking

    CALB upgrades data platform to support analytics, security, and battery lifecycle tracking

    Deploying a petabyte-scale data lake …Read More
  • How a Vietnamese D2C retailer built its own secure digital infrastructure

    How a Vietnamese D2C retailer built its own secure digital infrastructure

    Would your organization build your …Read More

Bottom Sidebar

Other News

  • MM Art Indices Found Global Art Market Shows Signs of Synchronized Recovery in Spring 2026 Auctions After Post-Pandemic Correction

    July 17, 2026
    BEIJING and MILAN, July 17, …Read More »
  • EQT Consortium Raises Tender Offer Price for Kakaku.com to JPY 3,450 Per Share

    July 17, 2026
    Increased tender offer price exceeds …Read More »
  • Cheche Group Announces 35-for-1 Share Consolidation

    July 17, 2026
    BEIJING, July 17, 2026 /PRNewswire/ …Read More »
  • Asia Pacific Enterprise Awards (APEA) 2026 Regional Edition Forges Legacies with Trailblazers Across Asia

    July 17, 2026
    KUALA LUMPUR, Malaysia, July 17, …Read More »
  • Longbridge Unveils the World’s First AI-Native Investing Platform, Ushering in a New Era of Investing

    July 17, 2026
    Four products replace menus and …Read More »
  • Our Brands
  • CybersecAsia
  • MartechAsia
  • Home
  • About Us
  • Contact Us
  • Sitemap
  • Privacy & Cookies
  • Terms of Use
  • Advertising & Reprint Policy
  • Media Kit
  • Subscribe
  • Manage Subscriptions
  • Newsletter

Copyright © 2026 DigiconAsia All Rights Reserved.