AI is creating more software flaws – and they're getting worse
A CodeRabbit study compared pull requests with AI and without, finding AI is fast but highly error prone
AI is helping developers write code faster, but it's also leading to more problems, marking the latest study to highlight adoption concerns among software developers.
In a study from CodeRabbit, researchers found AI makes 1.7 more times as many mistakes as human programmers.
To come to that conclusion, CodeRabbit looked at 470 open source GitHub pull requests, of which 320 had AI input and 150 were human only.
"The results? Clear, measurable, and consistent with what many developers have been feeling intuitively: AI accelerates output, but it also amplifies certain categories of mistakes," wrote CodeRabbit's director of AI David Loker in a blog post.
He admitted the study wasn't perfect, in part because it was difficult to double-check authorship, but said the findings matched with previous research. Loker pointed to a report by Cortex that found pull requests per author increased by 20%, but incidents per pull request also went up — by 23.%.
That matches with previous research suggesting AI-generated code is now the cause of one-in-five breaches, with another report noting coders' concerns around AI introducing errors to their work.
More problems and more critical flaws
The CodeRabbit study found 10.83 issues with AI pull requests versus 6.45 for human-only ones, adding that AI pull requests were far more likely to have critical or major issues.
"Even more striking: high-issue outliers were much more common in AI PRs, creating heavy review workloads," Loker said.
Logic and correctness was the worst area for AI code, followed by code quality and maintainability and security. Because of that, CodeRabbit advised reviewers to watch out for those types of errors in AI code.
"These include business logic mistakes, incorrect dependencies, flawed control flow, and misconfigurations," Loker wrote. "Logic errors are among the most expensive to fix and most likely to cause downstream incidents."
AI code was also spotted omitting null checks, guardrails, and other error checking, which Loker noted are issues that can lead to outages in the real world.
When it came to security, the most common mistake by AI was improper password handling and insecure object references, Loker noted, with security issues 2.74 times more common in AI code than that written by humans.
Another major difference between AI code and human written-code was readability. "AI-produced code often looks consistent but violates local patterns around naming, clarity, and structure," Loker added.
Beyond those issues, Loker noted flaws in concurrency, formatting, and naming inconsistencies — all of which could not only cause issues with software or apps, but also make it harder for human reviewers to spot problems.
What's happening, and how to fix it
Some of the faults are down to a lack of context, Loker suggested, and in other cases AI is sticking to "generic defaults" rather than company rules, such as with naming patterns or architectural norms.
Security problems may be down to how models recreate "legacy patterns or outdated practices" by using older code as training data.
"AI generates surface-level correctness: It produces code that looks right but may skip control-flow protections or misuse dependency ordering," Loker added.
None of this means AI shouldn't be used in coding, he stressed. Instead, companies should ensure AI has context of business rules, policies or style guides, and be given guidelines for basic security.
Such efforts would wipe out many of the faults spotted, he said. Similarly, code reviewers should be given a checklist that takes this research into account, so they know what types of errors to watch out for.
"The future of AI-assisted development isn’t about replacing developers," he added. "It’s about building systems, workflows, and safety layers that amplify what AI does well while compensating for what it tends to miss."
FOLLOW US ON SOCIAL MEDIA
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
You can also follow ITPro on LinkedIn, X, Facebook, and BlueSky.
-
Meta is launching a trades academy to bolster AI infrastructure build-outsNews The tech giant will stump up to help train workers who will build data centers – and guarantees them jobs
-
Why More MSPs are adopting integrated platforms and vertical-specific market strategiesIndustry Insights What are the top tactics that MSPs are using to deliver these services at scale?
-
Asana wants every enterprise to have an AI ‘chief of staff’News The new Asana Dash tool was built to help guide and support teams through projects
-
Enterprises are shipping huge volumes of untested AI-generated code – experts warn it will cause major security issues and have huge financial repercussionsNews With speed routinely prioritized over quality, organizations often respond by taking shortcuts
-
AI might help speed up software development, but 81% of devs now spend more time reviewing code – and it’s creating an ‘invisible work’ trend that’s pushing teams to the limitNews While AI is improving productivity and efficiency, many developers are caught up in a vicious cycle of code reviews and bug hunting
-
AWS CEO Matt Garman is bullish on the future of SaaS — Amazon Quick shows there’s a ‘great business opportunity’ with AI-powered softwareNews Matt Garman said fears over the ‘SaaSpocalypse’ were overblown in February, now AWS is making big moves in the SaaS space
-
AI is coming to Ubuntu: Canonical exec teases future AI features and agentic workflow capabilities for version 26.10 — but on a ‘strictly opt-in basis’News A range of new AI features are coming to Ubuntu over the next year, according to maintainers, but only providing they’re of “sufficient maturity and quality”.
-
Everything you need to know about the GitHub Copilot pricing changesNews GitHub Copilot pricing changes mean users will be charged based on consumption, rather than a set number of credits
-
Developers are slacking on AI-generated code safety – here's why it could come back to haunt themNews While organizations are aware of the risks, many are spending little time or effort on tracking artifact versions, origins, and security attestations
-
Four things you need to know about GitHub's AI model training policy – including how to opt outNews Users of certain GitHub Copilot plans will have interaction data used to train AI models, but can opt out
