AI finally learns to secure the code it writes

OpenAI shipping Codex Security, Anthropic's Claude finding 22 CVEs in Firefox in two weeks, and Microsoft treating AI agents as governed security principals all point to the same inflection: the industry is racing to close the security gap that AI coding tools opened. With research showing only 10% of AI-generated code is both functional and secure, the companies that created the problem are now building the remediation layer — and the ones who move fastest will own the trust infrastructure for the agent era.


OpenAI

OpenAI ships Codex Security and launches free Codex for Open Source program

OpenAI released Codex Security in research preview — an AI agent that scans repos for vulnerabilities, validates findings in sandboxes, and proposes fixes. In parallel, they launched 'Codex for Open Source' giving maintainers six months of free ChatGPT Pro, API credits, and Codex Security access.

openai.com

The companies that made AI code generation mainstream are now scrambling to build the security layer they should have shipped from the start. Three announcements in the same news cycle tell the story.

New research covered by VentureBeat puts the number at 10%. That's the share of AI-generated code that is both functionally correct and secure. Ninety percent of development teams use AI coding assistants. Only 61% of what those tools produce actually works. And of the code that does work, barely a sixth passes basic security review. The industry built a code generation machine, pointed it at production, and skipped the part where someone checks the output.

Now the remediation race is on.

OpenAI shipped Codex Security in research preview — an agent that scans repositories for vulnerabilities, validates findings in sandboxes, and proposes fixes. The numbers from beta are striking: 1.2 million commits scanned, 792 critical findings and 10,561 high-severity findings surfaced. Alongside it, they launched Codex for Open Source, giving maintainers of projects with 1,000+ GitHub stars six months of free ChatGPT Pro, API credits, and Codex Security access. The timing is not subtle. This arrived days after curl's Daniel Stenberg shut down curl's bug bounty because AI-generated vulnerability reports had become indistinguishable from spam. OpenAI is trying to position itself as the fix for a problem its tools helped create.

Anthropic took a different approach. Their Frontier Red Team pointed Claude Opus 4.6 at Firefox's codebase and found 22 CVEs in two weeks, 14 of them high severity, representing nearly a fifth of all high-severity bugs patched in Firefox across 2025. One use-after-free bug in Firefox's JavaScript engine was identified after just 20 minutes of exploration. All 22 were patched in Firefox 148. Anthropic says they've found over 500 previously unknown flaws across open-source projects while testing Opus 4.6. That's a different value proposition: not cleaning up after AI writes bad code, but proving their AI is better at finding bugs than your security team.

Both approaches accept the same premise. AI generated the problem; AI will generate the solution. But neither addresses the structural gap: who governs the AI that governs the code?

Microsoft's answer is Agent 365, announced alongside the $99/user/month M365 E7 Frontier Suite. Every AI agent gets a unique identity in Microsoft Entra ID with role-based permissions, activity logging, and the same governance policies applied to human users. Agent 365 is available standalone at $15/user/month, with GA on 1 May. Microsoft is treating agents as security principals: entities that need identity, authorisation, and audit trails.

What this means for builders

The pattern here is that the security layer for AI-assisted development is being built after the fact, by the same companies that shipped the insecure tooling. That's not necessarily bad. They understand the failure modes better than anyone. But it does create a dependency. If you're using Codex to write code and Codex Security to audit it, OpenAI is both the problem and the solution. Same vendor, same trust boundary: a reviewer that shares the generator's training data and blind spots is not an independent check, any more than a developer approving their own pull request is.

The practical question for anyone shipping software today: where in your pipeline does AI-generated code get reviewed with the same rigour as code from a junior developer you don't fully trust yet? Because that's what the 10% number means. Nine out of ten times, the AI hands you something that either doesn't work or isn't safe.
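One way to make that pipeline question concrete is a merge gate that treats an AI-credited commit as untrusted input and refuses to let the generating vendor vouch for its own output. The following is an added example, not code from OpenAI, Anthropic, Microsoft or any of the tools named above; the trailer names, the vendor mapping, the approval records and the commit messages are constructed assumptions for illustration, and real tools may identify themselves differently.

```python
"""Merge gate: AI-authored changes need a review from outside the generator's
trust boundary.

Added example, not code from any vendor discussed on the page. The trailer
names, GENERATOR_VENDORS map and sample records are constructed assumptions.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

# Assumption: substrings that identify an AI coding tool in a commit trailer,
# mapped to the vendor that runs it. Extend or replace for your own tooling.
GENERATOR_VENDORS = {"copilot": "microsoft", "codex": "openai", "claude": "anthropic"}

# Assumption: tools credit themselves via Co-authored-by or Generated-by trailers.
TRAILER_RE = re.compile(r"^(?:Co-authored-by|Generated-by):\s*(.+)$",
                        re.IGNORECASE | re.MULTILINE)


@dataclass(frozen=True)
class Approval:
    principal: str              # identity that signed off (person or bot)
    kind: str                   # "human" or "scanner"
    vendor: Optional[str] = None  # for scanners: who operates the model


@dataclass(frozen=True)
class Commit:
    sha: str
    author: str
    message: str


def generator_vendors(commit: Commit) -> Set[str]:
    """Vendors of every AI tool credited in the commit trailers (empty if none)."""
    found: Set[str] = set()
    for who in TRAILER_RE.findall(commit.message):
        who_l = who.lower()
        found.update(v for needle, v in GENERATOR_VENDORS.items() if needle in who_l)
    return found


def gate(commits: List[Commit], approvals: List[Approval]) -> Tuple[bool, List[str]]:
    """Decide whether a change may merge. Returns (allowed, blocking_reasons).

    Policy enforced:
      1. At least one human approver who is not an author of the change.
      2. At least one security-scanner approval.
      3. If any commit credits an AI generator, a scan from that generator's
         vendor does not count: the reviewer must sit outside the trust
         boundary of the thing that wrote the code.
    """
    reasons: List[str] = []
    authors = {c.author for c in commits}
    generators: Set[str] = set()
    for c in commits:
        generators |= generator_vendors(c)

    humans = [a for a in approvals if a.kind == "human" and a.principal not in authors]
    if not humans:
        reasons.append("no human approval independent of the commit author(s)")

    scanners = [a for a in approvals if a.kind == "scanner"]
    independent = [a for a in scanners if a.vendor not in generators]
    if not independent:
        same = sorted({a.vendor for a in scanners if a.vendor in generators})
        if same:
            reasons.append("only scans from " + ", ".join(same)
                           + ", which also generated the code (same trust boundary)")
        else:
            reasons.append("no security scan approval")

    return (not reasons, reasons)


# Constructed sample records (not real commits, identities or tools).
AI_COMMIT = Commit(
    sha="a1b2c3d", author="bob@example.com",
    message="Add retry logic to the upload client\n\n"
            "Co-authored-by: Codex <codex@example.invalid>\n",
)
HUMAN_COMMIT = Commit(sha="d4e5f6a", author="carol@example.com",
                      message="Fix typo in README\n")
ALICE = Approval("alice@example.com", "human")
BOB = Approval("bob@example.com", "human")
OPENAI_SCAN = Approval("codex-security[bot]", "scanner", "openai")
OTHER_SCAN = Approval("static-analyzer[bot]", "scanner", "example-vendor")


if __name__ == "__main__":
    for label, commits, approvals in [
        ("independent scan", [AI_COMMIT], [ALICE, OTHER_SCAN]),
        ("same-vendor scan", [AI_COMMIT], [ALICE, OPENAI_SCAN]),
        ("author self-approves", [AI_COMMIT], [BOB, OTHER_SCAN]),
    ]:
        allowed, why = gate(commits, approvals)
        print(label, "->", "merge" if allowed else "block", why)
```

The gate keys off commit trailers because that is the only signal available after the fact; if your tooling does not write one, the author identity of the agent (the security-principal model in the Microsoft announcement) is the better source, and the same vendor-separation rule applies to it.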

The companies building the remediation tools are moving fast. Whether they're moving fast enough depends on how many organisations treat "we use Copilot" as a security posture rather than a risk factor.


Read the original on OpenAI

openai.com
