Key findings include the following.

Industry adoption of AI code generation models may pose risks to software supply chain security. However, these risks will not be evenly distributed across organizations. Larger, more well-resourced organizations will have an advantage over organizations that face cost and workforce constraints.

Multiple stakeholders have roles to play in helping to mitigate potential security risks related to AI-generated code. The burden of ensuring that AI-generated code outputs are secure should not rest solely on individual users, but should also be shared by AI developers, organizations producing code at scale, and those who can improve security at large, such as policymaking bodies or industry leaders. Existing guidance such as secure software development practices and the NIST Cybersecurity Framework remains essential to ensure that all code, regardless of authorship, is evaluated for security before it enters production. Other cybersecurity guidance, such as secure-by-design principles, can be expanded to include code generation models and other AI systems that impact software supply chain security.

Code generation models also need to be evaluated for security, but it is currently difficult to do so. Evaluation benchmarks for code generation models often focus on the models’ ability to produce functional code but do not assess their ability to generate secure code, which may incentivize prioritizing functionality over security during model training. There is inadequate transparency around models’ training data, and inadequate understanding of their internal workings, to explore questions such as whether better performing models produce more insecure code.