June 9, 2026
Bug now, patch later?
Devs know AI code is riddled with holes, but ship it anyway
Everyone knows the code is shaky, but the deadline wins and the comments are furious
TLDR: A new survey says many developers believe AI-written software has more security holes, yet a big chunk still sends it out to users anyway. Commenters say the real scandal is workplace pressure: people know it’s risky, but speed, bad incentives, and boss culture keep winning.
The real chaos here is not just that a Checkmarx survey found 70 percent of developers think AI-written code is more vulnerable and 30 percent admit they knowingly ship risky code anyway. It’s that the comment section instantly turned into a workplace horror story. One of the loudest reactions was basically: this is what happens when people who raise red flags get called “slow” and pushed out. In other words, commenters aren’t just blaming the machines — they’re blaming bosses, deadlines, and a culture where shipping fast matters more than shipping safe.
That sparked a spicy split. Some readers argued this has nothing to do with AI at heart and everything to do with management ignoring warnings. Others went full cynical, saying if giant companies can release messy software and face little fallout, why would anyone else behave better? That gave the whole thread a grim, darkly comic vibe: everyone sees the problem, but nobody expects the incentives to change.
There was also some top-tier sarcasm. One commenter dryly joked they “didn’t realize all code before LLM was hole proof,” poking fun at the idea that AI suddenly invented bad software. Another asked the million-dollar question: if AI is supposedly great at finding bugs, why does it keep creating them too? That contradiction became the thread’s favorite punchline — AI as both the security guard and the burglar. The mood was a mix of resignation, eye-rolling, and “welcome to modern software.”
Key Points
- Checkmarx surveyed 2,350 global developers, CISOs, and AppSec managers and found that 70% believe AI-generated code has more vulnerabilities.
- AI-generated code accounted for 49% of production code in the survey, down from 54% in the previous year, while open source code accounted for 59% of production applications.
- According to the survey, 30% of respondents knowingly ship vulnerable code to production, citing deployment pressure, remediation difficulty, and reliance on other controls.
- The report says 93% of respondents experienced one or more security breaches due to vulnerable applications, compared with 98% last year.
- Checkmarx found that organizations with 81-100% AI-generated code ship vulnerable code at 3.4 times the rate of organizations with 1-20% AI adoption.