AI Code Generation Security: Technical Defense Guide | QuizBy Eyal Doron / December 6, 2025 / 1 minute of reading AI Code Generation Security: Technical Defense Guide | Quiz 1 / 7 1. What is the recommended approach for treating AI-generated code according to the article? 1. Accept it without review for non-production environments 2. Trust it completely since AI is more reliable than human developers 3. Treat it as untrusted input requiring the same scrutiny as code from any external source 4. Only review it if the AI indicates low confidence Correct! Why: AI-generated code should be treated as untrusted input because AI reproduces patterns including insecure ones without understanding security implications. Context: This aligns with security principles of never trusting external input. Remember: AI code is untrusted code. 2 / 7 2. What surprising security issue has been documented in AI-generated code regarding credentials? 1. AI always generates placeholder credentials 2. AI has reproduced actual API keys and secrets from its training data 3. AI only generates encrypted credentials 4. AI refuses to generate any credential-related code Correct! Why: AI has been documented reproducing actual API keys and secrets from training data – exposing third-party credentials in generated code. Context: This means AI can leak other organizations secrets into your codebase. Remember: AI can leak real secrets from its training data. 3 / 7 3. What type of attack involves embedding malicious instructions in code comments that cause AI to implement vulnerabilities? 1. Prompt injection 2. Buffer overflow 3. SQL injection 4. Cross-site scripting Correct! Why: Prompt injection embeds malicious instructions in code comments or prompts – a comment like TODO Add admin bypass might cause AI to implement exactly that. Context: This is an active attack vector against AI coding tools with demonstrated proof-of-concept attacks. Remember: Comments can become commands for AI. 4 / 7 4. A development team uses GitHub Copilot for a payment processing application. According to the article – what approach should they take? 1. Use Copilot only for comments and documentation 2. Apply heightened scrutiny because security-sensitive applications are high-risk scenarios for AI code 3. Trust Copilot completely because it is trained on financial code 4. Disable Copilot entirely as AI cannot be used for payments Correct! Why: Security-sensitive applications including payment processing demand the highest code quality – precisely where AI blind spots are most dangerous. Context: The article identifies this as a high-risk scenario requiring additional defenses not prohibition. Remember: Higher stakes require higher scrutiny. 5 / 7 5. What does the article describe as the four-layer defense strategy against insecure AI-generated code? 1. Training – testing – deployment – monitoring 2. Automated scanning – mandatory code review – secure prompt engineering – policy governance 3. Authentication – authorization – auditing – accounting 4. Firewall – antivirus – encryption – backup Correct! Why: The article specifies these four layers as essential for effective protection against AI code vulnerabilities. Context: Multiple layers work together because no single defense catches all issues. Remember: Scan – Review – Prompt – Govern. 6 / 7 6. Which injection flaw is described as the most common issue in AI-generated code? 1. SQL injection through string concatenation 2. LDAP injection 3. XML external entity injection 4. Buffer overflow attacks Correct! Why: SQL injection remains the most common issue because AI frequently generates queries using string concatenation rather than parameterized queries. Context: This insecure pattern dominates training data – if 60% of examples use string concatenation AI will likely suggest it. Remember: String concatenation for SQL is the pattern AI sees most – and it is insecure. 7 / 7 7. According to research studies – what percentage of AI-generated code contains security vulnerabilities? 1. 75-90% 2. 25-40% 3. Less than 5% 4. Exactly 50% Correct! Why: Stanford and NYU studies found that approximately 25-40% of Copilot-generated code contained security vulnerabilities. Context: This significant percentage means AI-generated code requires the same scrutiny as code from any untrusted source. Remember: Nearly one-third of AI code may be vulnerable. Your score isThe average score is 0% Restart quiz Download PDF Please leave this field empty🔐 The AI Security Manager's Newsletter Weekly insights on AI risk management, EU AI Act compliance, and practical security strategies. We don’t spam! Read our privacy policy for more info. Thank you! Please check your inbox to confirm your subscription.
