AI Code Generation Risks
Ramkumar Dilli

CONTENTS
1. Introduction
2. Why Developers Love AI Tools
3. The Security Risks
4. Real-World Incidents
5. The Business Risk
6. Balancing Innovation with Security
7. Mitigations & Best Practices
8. The Future of Secure AI Coding
9. Key Takeaways
10. Q&A / Discussion

2. Why Developers Love AI Tools

The Rise of AI Code Assistants
Introduction:
  • Copilot, ChatGPT, CodeWhisperer
  • Rapid adoption
  • Developer productivity boost

Why Developers Love Them
Benefits:
  • Cuts boilerplate
  • Quick learning of APIs/libraries
  • Fewer Stack Overflow searches
  • Faster problem-solving

3. The Security Risks

But What About Security?
Security Concerns:
  • AI generates code, not security
  • Developers may trust output blindly
  • Security review gaps

Real-World Example: AI-Generated SQL Injection Risk

Core Security Risks
Key Risks:
  • 01 Vulnerable code patterns
  • 02 Licensing/IP contamination
  • 03 Prompt injection attacks
  • 04 Sensitive data leakage

Vulnerable Code Patterns
Examples:
  • Unsafe library usage
  • Hardcoded secrets
  • Insecure defaults
  • No validation/sanitization

Copilot Vulnerability Study
NYU 2021 Study:
  • 40% of Copilot’s security-sensitive code had vulnerabilities
  • Examples: SQL Injection, XSS

Licensing and IP Risks
Concerns:
  • Risk of GPL contamination
  • AI trained on public repos
  • Unclear legal standing

Prompt Injection Attacks
Risks:
  • AI completion can be manipulated
  • Hidden instructions in prompts
  • New attack surface

Sensitive Data Leakage
Incidents:
  • Proprietary logic exposure
  • Developers pasting code into AI tools
  • Samsung engineer's incident

4. Real-World Incidents

Key Incidents
Examples:
  • Product Company ChatGPT ban
  • Copilot’s vulnerability study
  • GitHub’s disclaimers

Real-World Example: Product Company ChatGPT Data Breach

5. The Business Risk

Risks
Potential Issues:
  • Technical debt & CVEs
  • Legal/IP liability
  • Compliance failures
  • Reputational harm

6. Balancing Innovation with Security

Approach
Strategies:
  • Don’t ban—govern
  • Policy and training
  • Shift-left security approach

7. Mitigations & Best Practices

Best Practices for AI Code Use
Recommendations:
  • Mandatory code reviews
  • Static/dynamic analysis
  • Secure coding guidelines
  • Defined AI usage policy

Developer Education
Training Focus:
  • 01 Security fundamentals
  • 02 Threat modeling
  • 03 AI limitations

Best Practices to Make AI Code Safer

Governance and Policy
Policies:
  • Define approved use cases
  • Restrict sensitive inputs
  • Monitor and log usage

Tooling Support
Tools:
  • Secret scanning tools
  • SAST/DAST integration
  • Dependency checks

8. The Future of Secure AI Coding – Data Leakage & Privacy

Research
01. Directions:
  • Research on secure generation
  • Embedded security guardrails
  • AI helping fix vulnerabilities
02. Summary:
  • AI code tools = power + risk
  • Security must be intentional
  • Policy, training, and tools
  • Balance speed with safety

Enterprise Risks: Data Leakage & Privacy

9. Key Takeaways

AI Code Tools
Power and Risk:
  • AI code tools bring real power to developers.
  • They also introduce real risks related to security and compliance.
  • Security must be an intentional aspect of utilizing AI tools.

Best Practices
Automated Reviews and Scanning:
  • Implement tooling to automatically review and catch vulnerabilities.
  • Regular scans can help maintain security standards.
Clear Policies and Training:
  • Clear policies are needed to define acceptable AI tool usage.
  • Developers must be trained to understand the risks of AI suggestions.
  • Proper training includes learning how to mitigate potential security vulnerabilities.

Product Company Example
Balanced Approach:
  • A company didn’t ban AI tools after discovering security risks.
  • They created clear usage policies and trained developers.
  • Enforced reviews and scanning helped achieve faster development while maintaining security.

Governance and Enablement
Safe and Responsible Innovation:
  • AI in coding should be governed, not feared or banned.
  • Combine policy, training, and automation to safely enable innovation.

10. Q&A / Discussion

Thanks

AI Code Generation Risks (Ramkumar Dilli, CIO, Myridius)

Editor's Notes

  • #36 “What controls are you using for AI code tools in your team?” “What challenges are you seeing?”