DARR
MR-019 Model & system behaviour System scope

Insecure or vulnerable code generation

The system generates code containing security vulnerabilities that propagate into production software.

Risk family: Model & system behaviour
MIT domain: 2. Privacy & Security
MIT subdomain: 2.2 > AI system security vulnerabilities and attacks
AI type: GPAI, Agentic
Scope: System
Source standard: MIT AI Risk Repository v4

Provenance

Source standard: MIT AI Risk Repository v4
Source frameworks: Cui2024, Gabriel2024, Gipiškis2024, IBM2025
ISO/IEC references: 23894 obj A.11; src 7; mech B.5 | 42001 ctrl A.6.2.4

Framework crosswalk

Every framework item mapped to this risk. Items marked partial overlap only in part; definitions appear on hover where the source licence permits.

Sources (frameworks that contributed to the register)
ISO 23894 (1)
  • A.11 ISO/IEC 23894 Annex A A.11
ISO 42001 (1)
  • A.6.2.4 ISO/IEC 42001 Annex A A.6.2.4
Cross-checks (frameworks mapped in to test coverage)
IBM (1)
  • ibm-harmful-code-generation Harmful code generation
Cisco (1)
  • AISubtech-12.2.1 Code Detection / Malicious Code Output

Part of the Deployer AI Risk Register, an open-source resource developed by MindXO. Version 1.0, 3 July 2026. Derived from the MIT AI Risk Repository (V4, December 2025) under CC BY 4.0; an independent derivative work, not endorsed by or affiliated with MIT. Sub-risk decomposition references MITRE ATLAS™ v5.6.0 (© 2021-2026 The MITRE Corporation, reproduced and distributed with permission). ISO/IEC and EU AI Act references are by number only. License: CC BY 4.0. Full attribution and licensing.