AI-generated code is turning application security into an identity problem. The article describes defects in authentication, token handling, secret storage, and access logic, which means the risk is not confined to code quality. Those flaws shape who can log in, what can be called, and which credentials remain exposed. Once code creates weak identity boundaries, IAM and PAM assumptions start failing inside the application layer. Practitioner conclusion: secure code review now needs identity review.
A few things that frame the scale:
- The average organisation believes that more than 1 in 5 of its non-human identities are insufficiently secured, according to The 2024 ESG Report: Managing Non-Human Identities.
- Two-thirds of enterprises have endured a successful cyberattack resulting from compromised non-human identities, with a quarter encountering multiple attacks.
A question worth separating out:
Q: Should organisations reduce senior developers when adopting AI coding tools?
A: No. The article’s evidence points in the opposite direction. AI tooling raises the premium on experienced reviewers who can spot subtle security flaws, challenge insecure patterns, and design controls that survive production conditions. Removing that expertise makes the organisation faster at creating risk.
👉 Read our full editorial: AI-generated code is exposing enterprise apps to more security risk