|
Welcome back! Websites created through coding tools from OpenAI, Anthropic, Cursor, Replit and Devin have security flaws, new research shows. These AI-generated websites can be tricked into leaking sensitive data or mistakenly sending money to hackers, AI security startup Tenzai told The Information. “Our initial goal was to compare these different AI coding tools and see which one was best for security,” Tenzai researcher Ori David said. “Our conclusion was that we don’t really have a winner. All of them do a pretty bad job.” A Replit spokesperson said in a statement that “security is designed into every layer of our platform,” and added that the company regularly updates its product’s security. An OpenAI spokesperson declined to comment on Tenzai’s research but pointed to the company’s prior statements urging Codex users to review any code the model generates before running it. The other companies did not comment. The findings from Israel-based Tenzai, which was founded last year, come as a growing number of developers and non-coders are using coding tools to create their own websites, with mixed results. The AI tools Tenzai tested include the venerable Claude Code. Some firms are pushing engineers to embrace automated coding tools as a way to speed up app development while others have warned the practice has led to unintentional software disasters such as the accidental deletion of their entire codebase. In their tests, Tenzai researchers instructed five of the best-known AI coding tools to create shopping sites, online forums, and file sharing sites. Tenzai then tested the resulting websites with its own AI agent, which hammers sites with cyberattacks to find security flaws. (AI sold by Tenzai, which raised $75 million at a $330 million valuation in November, relies on models from Anthropic, OpenAI and other providers to test software for possible vulnerabilities.) To their credit, the AI coding tools seemed to have been designed to prevent common types of vulnerabilities, according to the research findings. For instance, commonly used attacks known as SQL injections—where hackers type malicious code into parts of a website, like the search box, to trick it into leaking sensitive data—didn’t work on any of the targets, Tenzai found. But the AI-coded sites were nonetheless susceptible to being tricked into malicious behavior in other situations. For instance, four out of the five AI coding tools (all but OpenAI’s Codex) created shopping sites that would let people set a negative number of items to purchase at checkout, tricking their systems into crediting the customer money. In another instance, Codex created a marketplace website that made sure buyers couldn’t view other people’s purchase information, but it potentially exposed shoppers’ data by inadvertently allowing sellers to see what any buyer was spending money on. “Vibecoding is a super powerful tool that is being used and will continue to be used widely,” Tenzai cofounder and CEO Pavel Gurvich said. “We’re not trying to slow down adoption of these things, but this is a reminder to developers and companies who want to use vibe coding at a large scale that you need checks and balances and to test these things.” Tenzai has shared its research with the firms, which are using the findings to improve their products, Gurvich said. Linux Creator Gives Thumbs-Up to Google AI Coding Tool Given Linus Torvalds‘ reputation as a prickly personality, one might expect the software industry icon and creator of the Linux open source software to not be a fan of AI-generated code. But Torvalds recently used Google’s Antigravity AI tool to develop part of a personal software project and he appears to have come away impressed by its capabilities. Torvalds used Antigravity to create AudioNoise, a set of digital audio tools for guitarists, and “it mostly went smoothly,” he said in project notes posted to GitHub. “Is this much better than I could do by hand? Sure is,” Torvalds said in the notes. That Torvalds is giving even mild praise to the tech could get other skeptical developers to give it a try. Torvalds isn’t exactly a font of positivity on software-related matters. Last summer, he publicly derided a Google engineer‘s contribution to the Linux software engine for RISC-V, a free, open-source challenger to chip designs from SoftBank’s Arm Holdings, as “garbage” code. There don’t appear to be any hard feelings at Google. Varun Mohan, the former CEO and co-founder of AI coding startup Windsurf, who joined Google DeepMind last summer and works on the Anitgravity product, seemed positively giddy about Torvalds’ shout-out. “Truly an honor to see one of my programming heroes…using Antigravity to build part of his most recent project,” Mohan said in an X post.
Thank you for reading the Applied AI newsletter! I’d love your feedback, ideas and tips: aaron@theinformation.com. If you think someone else might enjoy this newsletter, please pass it forward or they can sign up here.
|
