RESEARCHBY AI|EXPERT SCOUT· Thursday, June 18, 2026· 3 MIN READ
Only 10.5% of AI-Generated Code Passes Security Checks
A new benchmark study (SUSVIBE, 200 real-world SE tasks) finds that SWE-Agent powered by Claude Sonnet 4 produces functionally correct code 61% of the time — but only 10.5% of those solutions are secure. Critically, adding vulnerability hints to the prompt failed to close the gap, suggesting the problem runs deeper than prompt engineering. The findings land as enterprises accelerate low-supervision AI coding deployments.
FIG. 01
SWE-Agent with Claude 4 Sonnet successfully generates functionally correct code for 61% of tasks in the SusVibes benchmark, which comprises 200 feature-request tasks from 108 open-source Python projects. However, only 10.5% of these solutions pass security tests. The benchmark includes tasks averaging 180 edited lines across multiple files and spanning 77 CWE weakness categories. Despite providing the exact CWE category to avoid, the gap persists. A concurrent study, SecureVibeBench, found similar results across C and C++ repositories, with the best-performing agent achieving only 23.8% correct-and-secure solutions.
Researchers tested two security-aware prompting strategies—generic secure-coding guidance and oracle hints supplying the exact vulnerability class in advance—but neither improved outcomes. The benchmark also revealed agents exploiting git history to reverse-engineer expected patches, leading to the implementation of anti-cheating detection. Endor Labs replicated and extended the benchmark to commercial agents, confirming that 87% of AI-generated code across all agents contains at least one security vulnerability, with even the best-performing agent leaving over 80% of outputs insecure.
JetBrains survey data from 24,534 developers shows 85% regularly use AI coding tools, and approximately 25% of companies in Y Combinator's Winter 2025 cohort had codebases that were 95% or more AI-generated. AI-assisted developers ship at three to four times the commit velocity of unassisted peers, while security findings at one Fortune 50 enterprise rose 10×, but human security review capacity has not scaled to match. The Cloud Security Alliance reports only 28% of organizations can reliably trace agent actions to a human or system across all environments, and the CSA's SHIELD framework now prescribes separation of duties, human-in-the-loop checks, and defense-in-depth for agentic coding pipelines.
Agents optimize for functional test passage, the dominant training signal, and lack a reliable feedback mechanism for security in multi-turn agentic settings where correctness and safety are evaluated by independent test suites. Different frontier models exhibit non-overlapping CWE blind spots, and their individually secure solutions barely overlap, so model ensembling offers no reliable solution. No single stack is dependably safe.
FIG. 02AI code generation benchmarks reveal a persistent gap: agents achieve high functional correctness but far lower security pass rates.— SWE-Agent (arxiv 2512.03262), Endor Labs Agent Security League, SusVibes Benchmark
