AI-generated code is shipping to production without security review. The tools that generate the code don’t audit it. The developers using the tools often lack the security knowledge to catch what the models miss. This is a growing blind spot in the software supply chain.

  • entwine@programming.dev · 4 hours ago

    I think the real problem is that nobody cares about security because there are very few consequences for data leaks. I guess what little safeguards existed in the past have been obliterated by the sheer velocity of AI code generation.

    What we need is laws to hold people criminally responsible for negligence in handling user data. It isn’t unprecedented, since we already have HIPAA. A watered-down version of that for ANY business that collects personal data would fix a lot of problems.