AI Code Ships With 2.74× More Security Flaws | Dec 19-24
Big Picture
The AI code debate just got data.
In a new whitepaper, CodeRabbit quietly analyzed hundreds of open-source PRs and found AI-assisted code ships with measurably more security defects across a range of categories.
This week also saw a massive WhatsApp API attack (the lotusbail npm) that continues to remind us that developer trust remains the most exploitable vulnerability.
Finally, there was some end of year deal-making, totalling $11B with some massive acquisitions (most notably Windsurf being acquired by OpenAI and ServiceNow buying Armis for over $7 billion).
TL;DR
CodeRabbit study of 470 PRs finds AI-generated code has 2.74× more security vulnerabilities than human-written, with improper password handling and insecure object references leading the defect patterns.
Malicious npm package lotusbail stole WhatsApp credentials after 56,000+ downloads while functioning exactly as advertised, exposing the limits of trust-based security models.
Three deals totaling $11B+ signal AI-powered security automation as strategic imperative: ServiceNow-Armis $7.75B, OpenAI-Windsurf $3B, Checkmarx-Tromzo.
AI Code Ships With Nearly 3× More Security Issues
CodeRabbit's State of AI vs Human Code Generation Report analyzed 470 pull requests across open-source GitHub repositories: 320 AI-co-authored and 150 human-only. The data is stark:
Overall Quality- 10.83 issues per PR versus 6.45 for human-only (1.7× more)- Critical issues: 1.4× more (341 vs 240 per 100 PRs)- Major issues: 1.7× more (447 vs 257)
Security- XSS vulnerabilities: 2.74× more- Insecure object references: 1.91× more- Improper password handling: 1.88× more
Logic & Correctness (biggest gap)- Incorrect concurrency control: 2.29× more- Null-pointer risks: 2.27× more- Algorithm/business logic errors: 2.25× more
Code Quality- Readability issues: 3.15× more (98 vs 31 per 100 PRs)- Excessive I/O operations: 7.9× more- Formatting problems: 2.66× more
Takeaways
It's more critical than ever to use AI on the security side to keep up.
,000 Downloads Later, the WhatsApp API Worked Exactly as Promised
The lotusbail npm package accumulated 56,000+ downloads by delivering functional WhatsApp API capabilities. It also exfiltrated authentication credentials, session tokens, and message data to attacker infrastructure.
Literally the package worked exactly as documented while stealing everything.
This wasn't a typosquatting attack or abandoned package hijack. Developers installed lotusbail because it provided useful functionality. Traditional SCA tools scanning for known vulnerable dependencies would have cleared it. The malicious code wasn't a vulnerability; it was intentional functionality hidden alongside legitimate features.
The same week, WebRAT malware spread via fake GitHub exploit repositories targeting security researchers.
Takeaways
Attackers understand the trust patterns in developer and security communities well enough to weaponize them.
$11B Changes Hands as Market Bets on Security Automation
Three acquisitions this week totaled over $11 billion. ServiceNow acquired Armis for $7.75B at 11.5× revenue to expand security and risk capabilities. OpenAI acquired Windsurf (Codeium) for $3B to strengthen AI coding assistant infrastructure. Checkmarx purchased Tromzo to "help find and fix code problems faster."
The ServiceNow-Armis deal focuses on asset visibility rather than AppSec specifically, but the pattern across all three strategic buyers is that they believe security automation capabilities justify premium valuations.
Takeaways
When platform vendors pay double-digit revenue multiples, they're betting on where the category is headed.
Takeaways
Vulnerabilities in the Wild
This week: 11 disclosed | 3 actively exploited | 2 zero-days
Critical Severity
Cisco Secure Email Zero-Day - Cisco Secure Email AppliancesStatus: Zero-day, Actively exploitedEmail security appliances rooted and backdoored via unpatched zero-daySource
HPE OneView RCE - HPE OneViewStatus: Patch availableRemote code execution vulnerability in enterprise management platformSource
CVE-2025-21333, CVE-2025-21334, CVE-2025-21335 - Microsoft Windows (Patch Tuesday)Status: Actively exploitedPart of 157 CVEs addressed in Patch Tuesday, three actively exploitedSource
High Severity
CVE-2025-59374 - ASUS Live UpdateStatus: Added to CISA KEVCISA warning issued despite lower urgency assessmentSource
Supply Chain Attack via TypeScript Packages - Multiple platforms (X/Twitter, Vercel, Cursor, Discord)Status: DisclosedHundreds of companies affected through supply-chain vectorSource
SAP CAR Archive Parsing Flaws - SAPCARStatus: PoC availableFour local privilege escalation bugs in SAR archive parsingSource
Medium Severity
List-Unsubscribe SSRF/XSS - Email handling implementationsStatus: DisclosedEmail header converted into SSRF/XSS gadgetSource
lotusbail npm Malware - npm ecosystemStatus: Package removed56,000+ downloads before discoverySource
WebRAT via Fake GitHub Exploits - GitHub repositoriesStatus: Active campaignTargeting security researchers via fake PoC reposSource
Lower Severity
WAF Bypass Research - Multiple WAF vendorsStatus: Research disclosedMore than half of public vulnerabilities bypass leading WAFsSource
Session Token Theft Techniques - MFA implementationsStatus: EducationalSession tokens give attackers shortcut around MFASource
Curated Reading List
Thought-Provoking
• Can Chatbots Craft Correct Code? - Deep technical analysis of AI code generation quality from security research firm, adds methodology depth beyond CodeRabbit data.
• How We Pwned X (Twitter), Vercel, Cursor, Discord Through Supply-Chain Attack - Technical breakdown of supply chain attack affecting major platforms, demonstrates scale of package ecosystem risk beyond npm lotusbail.
• Rest In Peace IBM X-Force Vulnerability Database - Industry infrastructure shutdown with implications for vulnerability intelligence workflows.
Current Events
• Docker Makes 1,000 Hardened Images Free and Open Source - Infrastructure security improvement available immediately, practical impact for container security.
• More Than Half of Public Vulnerabilities Bypass Leading WAFs - Research quantifying WAF effectiveness gap, relevant to defense-in-depth strategy discussions.
• Checkmarx Acquisition of Tromzo Accelerates Plan to Apply AI to Application Security - Detailed coverage of Checkmarx-Tromzo deal beyond brief mention in M&A section, includes integration strategy.
Related Deep Dives
• Why AI can't audit its own code
