<p>The rapid emergence of generative artificial intelligence (AI) tools including newer iterations of Open AI’s GPT models and Anthropic’s Claude in software development has transformed coding practices, introducing both major productivity opportunities and notable security challenges. This systematic literature review examines the dual nature of AI-generated code by analyzing peer-reviewed research to quantify productivity benefits and identify associated risks. We conducted a comprehensive review spanning 2021–2025, searching five databases with roughly 40,412 initial papers. After applying inclusion and exclusion criteria and quality assessment, 44 primary studies were selected for detailed analysis. Our findings reveal substantial productivity gains across development tasks, with AI tools improving routine coding, boilerplate generation, documentation writing, and accelerated bug fixing. However, these benefits are tempered by significant security concerns. The literature shows that AI-generated code frequently contains vulnerabilities such as improper input validation, hardcoded credentials, weak cryptographic implementations, and susceptibility to injection attacks. We developed a taxonomy categorizing risks into three domains: (1) code-level security vulnerabilities, (2) performance and reliability issues, and (3) legal and ethical concerns. While generative AI offers promising productivity enhancements, its adoption requires careful risk mitigation. Our results suggest that current tools function best as partially autonomous assistants rather than fully autonomous code generators due to current limitations in contextual reasoning, deterministic reliability, and semantic consistency. Organizations should implement rigorous security reviews, integrate automated vulnerability detection, and establish governance frameworks to maximize AI capabilities while minimizing risks. This review synthesizes both the benefits and limitations of generative AI, providing essential guidance for evidence-based adoption of AI-assisted development tools.</p>

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

A comprehensive analysis of security risks and productivity impacts of AI-generated code

  • Shehnila Zardari,
  • Muhammad Osama,
  • Syed Muhammad Ammar,
  • Raazia Imran Reshamwala,
  • Ariba Siddiqui

摘要

The rapid emergence of generative artificial intelligence (AI) tools including newer iterations of Open AI’s GPT models and Anthropic’s Claude in software development has transformed coding practices, introducing both major productivity opportunities and notable security challenges. This systematic literature review examines the dual nature of AI-generated code by analyzing peer-reviewed research to quantify productivity benefits and identify associated risks. We conducted a comprehensive review spanning 2021–2025, searching five databases with roughly 40,412 initial papers. After applying inclusion and exclusion criteria and quality assessment, 44 primary studies were selected for detailed analysis. Our findings reveal substantial productivity gains across development tasks, with AI tools improving routine coding, boilerplate generation, documentation writing, and accelerated bug fixing. However, these benefits are tempered by significant security concerns. The literature shows that AI-generated code frequently contains vulnerabilities such as improper input validation, hardcoded credentials, weak cryptographic implementations, and susceptibility to injection attacks. We developed a taxonomy categorizing risks into three domains: (1) code-level security vulnerabilities, (2) performance and reliability issues, and (3) legal and ethical concerns. While generative AI offers promising productivity enhancements, its adoption requires careful risk mitigation. Our results suggest that current tools function best as partially autonomous assistants rather than fully autonomous code generators due to current limitations in contextual reasoning, deterministic reliability, and semantic consistency. Organizations should implement rigorous security reviews, integrate automated vulnerability detection, and establish governance frameworks to maximize AI capabilities while minimizing risks. This review synthesizes both the benefits and limitations of generative AI, providing essential guidance for evidence-based adoption of AI-assisted development tools.