{"id":38005,"date":"2025-06-20T17:26:20","date_gmt":"2025-06-20T09:26:20","guid":{"rendered":"https:\/\/www.1ai.net\/?p=38005"},"modified":"2025-06-20T17:26:20","modified_gmt":"2025-06-20T09:26:20","slug":"ai-%e7%94%9f%e6%88%90%e4%bb%a3%e7%a0%81%e9%9a%90%e5%bf%a7%ef%bc%8c%e4%ba%ba%e5%b7%a5%e5%ae%a1%e6%9f%a5%e7%bc%ba%e5%8f%a3%e6%88%90%e5%ae%89%e5%85%a8%e6%96%b0%e5%a8%81%e8%83%81","status":"publish","type":"post","link":"https:\/\/www.1ai.net\/en\/38005.html","title":{"rendered":"AI-generated code worries, manual review gap a new security threat"},"content":{"rendered":"<p>June 20, 2012 - Cloudsmith released a report on June 18th stating that the amount of <a href=\"https:\/\/www.1ai.net\/en\/tag\/ai\" title=\"[View articles tagged with [AI]]\" target=\"_blank\" >AI<\/a>-generated <a href=\"https:\/\/www.1ai.net\/en\/tag\/%e4%bb%a3%e7%a0%81\" title=\"[See articles with [code] labels]\" target=\"_blank\" >code<\/a> has surged, <strong>but manual code review cannot keep up.<\/strong><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-38006\" title=\"0a2b45c8j00sy5e6m007cd000rs00q2p\" src=\"https:\/\/www.1ai.net\/wp-content\/uploads\/2025\/06\/0a2b45c8j00sy5e6m007cd000rs00q2p.jpg\" alt=\"0a2b45c8j00sy5e6m007cd000rs00q2p\" width=\"1000\" height=\"938\" \/><\/p>\n<p>1AI cites the report as finding that, among <a href=\"https:\/\/www.1ai.net\/en\/tag\/%e5%bc%80%e5%8f%91%e8%80%85\" title=\"[Sees articles with [developer] labels]\" target=\"_blank\" >developers<\/a> who use AI, 42% of code is generated by AI, 16.6% of developers rely on AI to contribute \"most\" of their code, and 3.6% of code is entirely machine-generated.<\/p>\n<p>This trend was confirmed in the GitHub 2024 survey: more than 97% of developers in the US, Brazil, Germany, and India have used AI coding tools, and 88%-59% of respondents said their company \"at least partially supports\" such tools.<\/p>\n<p>The report also points out 
that there are concerns behind AI's rapid code generation. The survey revealed widespread concern among developers that AI could exacerbate the threat of open source malware: 79.2% of respondents believe that AI will increase the amount of malware in their environments, with 30% believing that the threat will rise \"significantly\".<\/p>\n<p>Cloudsmith warns that one-third of developers fail to review AI-generated code before each deployment, leading to \"large amounts of unvalidated code\" going straight into production and creating supply chain vulnerabilities.<\/p>\n<p>More critically, traditional risks such as code integrity, dependency management, and SBOMs (Software Bill of Materials) are magnified by AI's \"rapid reuse of unknown or untrustworthy code\". Developers admit that AI input is most risky at the \"code generation stage\", and only 40% believe that this stage needs to be strictly controlled.<\/p>\n<p>Cloudsmith suggests the need for enhanced product management through Intelligent Access Control and End-to-End Visibility, as well as the adoption of Dynamic Access Policies and the Policy-as-Code framework. For AI-generated code, automated policies need to be enforced to flag AI artifacts that are not vetted or trustworthy, and to differentiate between human and machine code through \"traceability\".<\/p>","protected":false},"excerpt":{"rendered":"<p>On June 20, Cloudsmith released a report on June 18, stating that the amount of code generated by AI had surged, but that manual code review could not keep up. 1AI quotes from the report that among developers who use AI, 42% of code is generated by AI, 16.6% rely on AI for \"most\" contributions, and 3.6% is entirely machine-generated. 
This trend was confirmed in the 2024 GitHub survey: in the United States, Brazil, Germany and India, more than 97% of developers have used AI coding tools, and 88%-59% of respondents indicated that their company \u201cat least partially supports\u201d such tools. The report also states that AI is fast<\/p>","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[146],"tags":[411,1809,1903],"collection":[],"class_list":["post-38005","post","type-post","status-publish","format-standard","hentry","category-news","tag-ai","tag-1809","tag-1903"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.1ai.net\/en\/wp-json\/wp\/v2\/posts\/38005","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.1ai.net\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.1ai.net\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.1ai.net\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.1ai.net\/en\/wp-json\/wp\/v2\/comments?post=38005"}],"version-history":[{"count":0,"href":"https:\/\/www.1ai.net\/en\/wp-json\/wp\/v2\/posts\/38005\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.1ai.net\/en\/wp-json\/wp\/v2\/media?parent=38005"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.1ai.net\/en\/wp-json\/wp\/v2\/categories?post=38005"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.1ai.net\/en\/wp-json\/wp\/v2\/tags?post=38005"},{"taxonomy":"collection","embeddable":true,"href":"https:\/\/www.1ai.net\/en\/wp-json\/wp\/v2\/collection?post=38005"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}