← Back to brief
ResearchOfficialPreprintarXiv Cryptography and Security

Study: 38.9% of AI-Generated Pull Requests Contain Security Smells

Jul 15, 2026

A large-scale empirical study of 4,022 pull requests from the AIDev dataset found that 38.9% of agent-generated PRs contain at least one security smell, with supply chain integrity issues accounting for 82.3% of all detected smells. Hard-coded credentials made up 99.6% of critical-severity issues, and 81.1% of these credentials went undetected before integration. The study also found that human collaborators introduced 67.6% of genuine leaked secrets in agent-assisted workflows.

Why it matters: This research reveals that autonomous coding agents introduce significant security risks that current review processes often fail to catch, highlighting the urgent need for improved security guardrails in human-AI collaboration.

Full story at: arXiv Cryptography and Security