Links
Microsoft aims to replace its C and C++ codebase with Rust by 2030, leveraging AI to automate the translation process. They're hiring engineers to develop tools for this extensive project, which is part of a broader effort to improve software security and reduce technical debt. However, a recent update clarifies that this initiative is a research project, not a direct rewrite of Windows.
This article examines how well the AI models Claude Code and OpenAI Codex can identify Insecure Direct Object Reference (IDOR) vulnerabilities in real-world applications. It reveals that while these models excel in simpler cases, they struggle with more complex authorization logic, leading to a high rate of false positives.
This article presents a security reference designed to help developers identify and mitigate vulnerabilities in AI-generated code. It highlights common security anti-patterns, offers detailed examples, and suggests strategies for safer coding practices. The guide is based on extensive research from over 150 sources.
This article analyzes the security of over 20,000 web applications generated by large language models (LLMs). It identifies common vulnerabilities, such as hardcoded secrets and predictable credentials, while highlighting improvements in security compared to earlier AI-generated code.
This article outlines seven key habits for development teams using AI coding tools. It emphasizes the importance of managing both human and AI-generated code to avoid maintenance problems and technical debt. Following these guidelines helps ensure code quality and security.
This article investigates the data sent by seven popular AI coding agents during standard programming tasks. By intercepting their network traffic, the research highlights privacy and security concerns, revealing how these tools interact with user data and pointing to potential telemetry leaks.
Lovable, an AI coding platform, is approaching 8 million users and has seen significant daily product creation since its launch a year ago. Despite a recent dip in traffic, CEO Anton Osika emphasizes strong user retention and plans to enhance security as the company scales.
The article examines the security implications of using AI-generated code, specifically in the context of a two-factor authentication (2FA) login application. It highlights the shortcomings of relying solely on AI for secure coding, revealing vulnerabilities such as the absence of rate limiting and potential bypasses that could compromise the 2FA feature. Ultimately, it emphasizes the necessity of expert oversight in the development of secure applications.