Copilot Writes Fast. Does It Write Safe?
New academic research digs into how often GitHub Copilot's AI-generated code suggestions contain insecure patterns.
GitHub has been touting some striking numbers about Copilot this year — in certain supported languages, the tool is reportedly responsible for suggesting up to 30% of new code developers accept. That’s a genuinely wild adoption curve for something that was in technical preview not that long ago. Autocomplete used to mean finishing a variable name; now it means Copilot proposing an entire function body based on a comment and a few lines of context.
But the faster something like this spreads, the more it deserves scrutiny, and this month a group of academic researchers published exactly that: a systematic look at how often Copilot’s suggestions contain insecure coding patterns. I haven’t seen every detail of the methodology, but the basic idea is straightforward — prompt the model with scenarios that mirror real-world coding tasks, generate a large batch of suggestions, and then check how many of them would fail a security review if a human had written them.
This matters because of how Copilot actually gets used in practice. Nobody treats it as an oracle. Most developers I know (myself included) treat it as a very fast, occasionally brilliant, occasionally sloppy junior collaborator — you take its suggestion, skim it, and move on if it looks plausible. That workflow is efficient, but it’s also exactly the kind of workflow where subtle security issues slip through. A SQL query missing parameterization, a crypto call using a weak default, a path construction that’s technically fine 95% of the time and a directory traversal bug the other 5% — those are the kinds of things that don’t jump out during a quick skim, especially when the code otherwise looks clean and idiomatic.
Why this isn’t shocking, but is still worth taking seriously
Copilot was trained on a huge corpus of public code, and public code is not uniformly secure. Old StackOverflow answers, abandoned side projects, and legacy patterns that predate current best practices are all in that mix somewhere. So it stands to reason a model trained on “how people actually write code” will sometimes reproduce “how people actually write insecure code.” That’s not a knock on the underlying idea of AI pair programming — it’s just a reminder that the tool inherits the habits of its training data, warts included.
What I think this research actually pushes forward is the conversation about process, not the tool itself. Teams adopting Copilot at any real scale probably need the same discipline they’d apply to a new junior engineer’s pull requests: static analysis, security linting, and code review that doesn’t get lazier just because the suggestion “looked AI-generated and therefore modern.” If anything, the fluency of these suggestions might be the risk multiplier — confident-looking code is exactly the kind reviewers wave through fastest.
None of this should scare anyone off using Copilot. It’s a genuinely useful tool and it’s not going away. But this is a good moment for teams to treat AI-suggested code the same way they’d treat any other unreviewed contribution: helpful, fast, and absolutely not exempt from the usual security bar.