Insecure or vulnerable code generation
The system generates code containing security vulnerabilities that propagate into production software.
- Risk family
- Model & system behaviour
- MIT domain
- 2. Privacy & Security
- MIT subdomain
- 2.2 > AI system security vulnerabilities and attacks
- AI type
- GPAI, Agentic
- Scope
- System
- Source standard
- MIT AI Risk Repository v4
Provenance
Framework crosswalk
Every framework item mapped to this risk. Items marked partial overlap only in part; definitions appear on hover where the source licence permits.
- A.11 ISO/IEC 23894 Annex A A.11
- A.6.2.4 ISO/IEC 42001 Annex A A.6.2.4
- ibm-harmful-code-generation Harmful code generation
- AISubtech-12.2.1 Code Detection / Malicious Code Output
More in Model & system behaviour
Part of the Deployer AI Risk Register, an open-source resource developed by MindXO. Version 1.0, 3 July 2026. Derived from the MIT AI Risk Repository (V4, December 2025) under CC BY 4.0; an independent derivative work, not endorsed by or affiliated with MIT. Sub-risk decomposition references MITRE ATLAS™ v5.6.0 (© 2021-2026 The MITRE Corporation, reproduced and distributed with permission). ISO/IEC and EU AI Act references are by number only. License: CC BY 4.0. Full attribution and licensing.