H
11

Pro tip: Don't trust AI code generators for security patches

I asked an AI to fix a SQL injection hole in my site and it generated a patch that opened three new vulnerabilities. Has anyone else had a bot quietly break their security checks?
2 comments

Log in to join the discussion

Log In
2 Comments
hernandez.ben
Holy crap, it opened THREE new holes? That's insane. I mean, I knew these bots were kind of dumb but actively making things worse is a whole new level of bad. How do you even mess up a simple SQLi fix that badly? It's like it went out of its way to break everything else in the process. You'd think the thing would at least keep the existing checks in place, not replace them with new problems. I'm honestly shocked it didn't just leave the original hole open too.
1
margaret_bennett3
Wait, THREE? I thought it was bad enough when a coworker told me their AI patch just ignored the input validation entirely, but actually adding new holes is a whole different level of broken. That's like trying to fix a leaky pipe and accidentally drilling holes in the wall next to it.
1