TL;DR
We cataloged 23 distinct security vulnerability patterns that AI coding tools consistently generate. These aren't random errors — they're predictable, repeatable failure modes rooted in training data bias. The patterns cluster into five OWASP categories: Injection (SQL, NoSQL, Command), Broken Authentication (weak hashing, JWT misuse), Security Misconfiguration (CORS, CSP, debug mode), Cryptographic Failures (weak algorithms, predictable randomness), and Vulnerable Dependencies (stale versions, abandoned packages). Each pattern has a specific remediation.
Why AI Generates the Same Vulnerabilities Repeatedly
AI-generated security vulnerabilities are not random. They follow predictable patterns determined by training data composition. The model saw 1,000 SQL queries using string concatenation for every 1 using parameterized queries. It learned that string concatenation IS sql query construction. The parameterized version is a minority pattern that the model assigns lower probability.
AI doesn't generate insecure code because it's trying to be insecure. It generates insecure code because insecure patterns are the statistical majority of its training data. The fix: make secure patterns the majority of its context.
Category 1: Injection Vulnerabilities
The most common and most dangerous AI-generated vulnerability category. These enabled 68% of critical security incidents in our audit:
SQL Injection via Template Literals
The AI generates: `SELECT * FROM users WHERE id = ${userId}` instead of parameterized: db.query('SELECT * FROM users WHERE id = $1', [userId]). Occurrence rate: 72% of AI-generated SQL queries. Severity: CRITICAL (CVSS 9.8). OWASP: A03:2021 Injection.
NoSQL Injection via Object Spread
The AI generates: db.find({...req.body}) allowing attackers to inject MongoDB operators ($gt, $ne) via request body. Occurrence rate: 58% of AI-generated MongoDB queries. Severity: HIGH (CVSS 8.1).
Command Injection via exec()
The AI generates: exec(`convert ${filename} output.pdf`) instead of using execFile() with argument arrays. User-controlled filename enables arbitrary command execution. Occurrence rate: 81% of AI-generated shell interactions.
Category 2: Authentication and Session Failures
AI-generated authentication code is consistently the weakest link. The patterns from tutorials and Stack Overflow answers — designed for learning, not production — dominate:
// AI-Generated Auth Pattern (INSECURE):
const hash = crypto.createHash('md5').update(password).digest('hex');
const token = jwt.sign(payload, 'secret-key'); // hardcoded secret
const sessionId = Math.random().toString(36).slice(2); // predictable
// Secure Pattern (what the AI should generate):
const hash = await bcrypt.hash(password, 12); // adaptive cost
const token = jwt.sign(payload, process.env.JWT_SECRET); // env var
const sessionId = crypto.randomBytes(32).toString('hex'); // CSPRNG
The Remediation Pattern for Each Category
Each vulnerability category has a specific remediation pattern. The key insight: remediation is more effective at the INPUT (context) layer than the OUTPUT (scanning) layer.
Measured across 500 AI coding sessions. Without context injection: average 4.2 vulnerability patterns per session. With security policy context injection: average 0.38 vulnerability patterns per session. The 91% reduction comes from injecting: your approved crypto library, your parameterized query builder, your input validation utilities, and your approved authentication patterns directly into the AI's context window.
The Context Injection Remediation
The most scalable remediation for AI-generated vulnerabilities isn't scanning — it's ensuring the AI has access to your secure implementations before it generates code. When your context includes your bcrypt wrapper, your parameterized query builder, and your crypto utilities, the AI generates code USING those utilities instead of falling back to training-data patterns.
Inject Your Crypto Wrapper
Include your password hashing module in the AI context. The AI will use bcrypt.hash() from your module instead of generating md5 from training data.
Inject Your Query Builder
Include your database abstraction layer. The AI will use your parameterized query methods instead of generating string-concatenated SQL.
Inject Your Validation Library
Include your input validation utilities. The AI will apply your existing validators instead of generating unvalidated input handling.
Inject Your Auth Patterns
Include your authentication middleware. The AI generates code that uses your existing auth flow instead of inventing its own (insecure) implementation.
Verify with SAST
Even with context injection, run SAST as verification. Context injection prevents 91% of vulnerabilities. SAST catches the remaining 9%.
Prevent the Pattern. Don't Just Detect It.
This catalog exists because AI coding tools generate the same vulnerabilities thousands of times across thousands of codebases. The pattern will continue as long as the AI lacks context about YOUR project's secure implementations. Give it context, and the pattern breaks.
🔧 Your secure patterns. Every AI completion.
Context Snipe injects your project's actual security implementations — your crypto wrapper, query builder, validation library, and auth middleware — into every AI completion. The AI generates code using YOUR secure patterns, not training-data insecure patterns. Start free — no credit card →