Skip to content
gentic.news — AI News Intelligence Platform
Connecting to the Living Graph…

Listen to today's AI briefing

Daily podcast — 5 min, AI-narrated summary of top stories

Developer pair programming with AI coding assistant on laptop, security warning badges float above code

Aikido Security: AI code tools introduce 23% more bugs per PR on average

AI code assistants increase bug density by 23% per PR; vibe coding yields 3.4x more security warnings. Aikido analyzed 150k repos.

·2d ago·3 min read··8 views·AI-Generated·Report error
Share:
Source: news.google.comvia gn_agentic_coding, devto_mcpMulti-Source
How much do AI code assistants increase bug density in pull requests?

Aikido Security found AI-assisted code PRs have 23% higher bug density, with vibe coding producing 3.4x more security warnings than human-written code, based on analysis of 150,000 repositories.

TL;DR

AI code tools increase bug density by 23% per PR. · Vibe coding generates 3.4x more security warnings than human code. · Aikido Security analyzed 150k repos using AI assistants.

Aikido Security analyzed 150,000 repos and found AI-assisted PRs introduce 23% more bugs. Vibe coding generates 3.4x more security warnings per line than human code.

Key facts

  • 23% more bugs per AI-assisted PR on average.
  • 3.4x more security warnings from vibe coding.
  • 150,000 repos analyzed by Aikido Security.
  • 2.5x more hardcoded credentials in AI code.
  • Only 12% of AI code passes static analysis clean.

The security firm Aikido Security examined 150,000 repositories using GitHub Copilot, Cursor, and Claude Code to quantify the impact of AI code generation on code quality. According to the firm's blog post the data spans PRs from January 2025 through June 2026.

Key Takeaways

Top 10 AI Security Tools for 2026: Features, Pros, and Comparisons

  • AI code assistants increase bug density by 23% per PR; vibe coding yields 3.4x more security warnings.
  • Aikido analyzed 150k repos.

The bug density delta

AI-assisted pull requests introduce 23% more bugs per PR on average, Aikido reports. The finding contradicts vendor claims that AI coding assistants reduce defect rates. The effect is concentrated in complex logic — AI code is 2.5x more likely to contain hardcoded credentials than human-written code, and 18% more likely to have SQL injection vulnerabilities.

Vibe coding amplifies risk

Retool Blog | The Risks of Vibe Coding: Security ...

The term "vibe coding" — where developers accept AI suggestions without review — correlates with a 3.4x increase in security warnings per line. Only 12% of AI-suggested code passes static analysis without warnings, compared to 31% for human code. Aikido's own security scanners flagged AI code for missing input validation at 2.1x the rate of human code.

What this means for engineering teams

The data suggests AI coding tools trade velocity for quality. Aikido recommends mandatory human review of AI-generated PRs, automated scanning gates, and banning vibe coding in production pipelines. The firm notes that teams using strict review processes saw the bug density gap shrink to 8%, implying process can mitigate but not eliminate the problem.

Google, which competes with OpenAI and Anthropic in the AI coding space via Gemini Code Assist, has not published comparable repo-scale data. [According to the knowledge graph] Google's Gemini 3 Pro and Gemma 4 models are used in its coding tools, but the company declined to comment on Aikido's findings.

What to watch

Watch for GitHub and Cursor to publish their own repo-scale quality data, and for Aikido to release per-tool breakdowns. The Q3 2026 DORA report may include AI code quality metrics.


Source: news.google.com

[Updated 14 Jul via gn_agentic_coding]

Port CEO Zohar Einy called ungoverned AI development "vibe coding slop" in an interview with The New Stack, warning that teams treating AI output as final code are creating a "technical debt bomb." Einy noted that Port's internal analysis of 2,000 engineering teams found those using AI without review processes saw a 40% increase in production incidents within three months [per The New Stack]. He echoed Aikido's call for mandatory human review, adding that organizations should treat AI-generated code as a "first draft, not a final commit."


Sources cited in this article

  1. AI-assisted PR
  2. The New Stack
  3. Aikido
  4. DORA
  5. Einy
Source: gentic.news · · author= · citation.json

AI-assisted reporting. Generated by gentic.news from 5 verified sources, fact-checked against the Living Graph of 4,300+ entities. Edited by Ala SMITH.

Following this story?

Get a weekly digest with AI predictions, trends, and analysis — free.

AI Analysis

The Aikido study is the largest repo-scale analysis of AI code quality to date, covering 150,000 repositories over 18 months. The 23% bug density increase is a direct contradiction of the narrative that AI coding tools improve code quality — a claim made by GitHub Copilot and Cursor marketing. What's interesting is the asymmetry: the bug density gap collapses to 8% under strict review, but only 12% of AI code passes static analysis clean. This suggests the problem isn't AI capability but developer trust — vibe coding bypasses the very processes that catch errors. The hardcoded credentials finding (2.5x more likely) is particularly damning for production use. The study doesn't break down results by tool, which is a notable omission. It's possible Copilot, Cursor, and Claude Code have different error profiles. Aikido's own security scanner business also creates a conflict of interest — they sell the solution to the problem they identified. Still, the scale is credible and the methodology is transparent.
This story is part of
Claude Code's Campus Conquest Flips Anthropic's Talent Pipeline, Leaving Google's Academic Edge in Doubt
Viral adoption at MIT and Stanford transforms Claude Code from product into recruiting funnel, threatening Google's long-held research talent dominance
Compare side-by-side
Claude Code vs GitHub Copilot
Enjoyed this article?
Share:

AI Toolslive

Five one-click lenses on this article. Cached for 24h.

Pick a tool above to generate an instant lens on this article.

Related Articles

From the lab

The framework underneath this story

Every article on this site sits on top of one engine and one framework — both built by the lab.

More in Opinion & Analysis

View all