AI coding tools are increasing the pace of software development but are also introducing significantly more security vulnerabilities and bugs than human programmers, new research from CodeRabbit has found.
The figures paint a worrying picture for organizations increasingly relying on AI to produce code. Pull requests generated using AI tools contained an average of 10.83 issues, compared with only 6.45 issues in code written by humans. That means AI-generated code has roughly 1.7 times more problems overall.
But more worryingly, these are not just minor issues. For instance, the research found that AI code had 1.4 times more critical issues and 1.7 times more major issues than human-written code. These are the kinds of serious bugs that lead to security breaches, system crashes, or huge malfunctions in finished software products.
Where AI Goes Wrong
The research also listed some concrete areas where AI lagged: errors in logic and correctness were 1.75 times more frequent in AI code, while code quality and maintainability problems cropped up 1.64 times as often. Security vulnerabilities were 1.57 times higher, and performance issues appeared 1.42 times more often.
Some of the most concerning security issues introduced by AI tools include improper password handling, insecure object references, cross-site scripting vulnerabilities, and insecure deserialization. These are exactly the kind of vulnerabilities hackers look for and try to exploit.
“AI coding tools dramatically drive up output, but they also introduce predictable, measurable weaknesses that the organizations must actively mitigate,” said David Loker, AI Director at CodeRabbit.
Before we write off the coding assistants entirely, there’s a flip side to consider: while Artificial Intelligence produces more bugs, it also excels in many other areas. The technology introduced 1.76 times fewer spelling errors and 1.32 times fewer testability issues than human developers.
This suggests that Artificial Intelligence is truly good at handling the routine, mundane tasks that tend to trip up human programmers. The technology is proving equal to simple code hygiene and structure, freeing developers to concentrate on more complex problem-solving.
Instead of looking at these findings as a failure of Artificial Intelligence, experts say they really show how humans and artificial intelligence will work together in the future. The data is not necessarily indicative that AI should be abandoned but that its role should be carefully managed.
Why Human-in-the-Loop is AI’s Most Important Feature
The emerging model sees AI handling the time-consuming groundwork while developers shift into oversight and quality control roles. This is where computers generate the initial code quickly, then experienced programmers review, refine, and fix the issues before deployment.
That collaboration might actually produce better overall results. Although AI code does take longer to review because more errors are being caught, it greatly speeds up the development of the initial code. The key is having skilled humans in the loop to catch and correct the vulnerabilities Artificial Intelligence introduces.
It’s also worth noting that higher bug counts don’t automatically mean worse outcomes. As one example shows, Microsoft reportedly patched 1,139 security vulnerabilities in 2025, the second-highest year on record. But this spike coincides with dramatically increased code production thanks to AI tools.
If developers are creating twice as much code with AI assistance, finding more bugs in total doesn’t really show that code quality has decreased. The percentage of flawed code could be stable or even improve, even while absolute numbers rise.
In addition, AI models are advancing constantly. The systems examined today are very likely to produce cleaner, more secure code when they learn and improve further. Companies such as OpenAI regularly update their models to address weaknesses and enhance precision.
Speed vs. Security: Why AI Still Needs a Human Pilot
For organizations leveraging AI-powered coding tools, the message is straightforward: these technologies are powerful productivity boosters, but they are not autonomous replacements for human developers. Success requires combining AI’s speed with human expertise in security, logic, and software architecture.
The future of programming probably isn’t one of humans versus Artificial Intelligence but rather one where humans work alongside Artificial Intelligence, each doing what they do best. Companies that can strike this balance will gain the benefits while avoiding the pitfalls of over-reliance on automated code generation.




