AI Code Scans Find Bugs Missed by Human Review
AI-driven codebase scanning tools are reportedly identifying bugs and security vulnerabilities that traditional human code review processes fail to catch. These tools are becoming essential for maintaining security and compliance, particularly in large, legacy defense software projects where logic flaws can remain undetected for years. The capability is increasingly seen as a key part of secure development workflows.
- While AI-assisted coding tools are adopted by over 90% of developers to boost productivity, a CodeRabbit study analyzing 470 pull requests found that AI-generated code contains approximately 1.7 times more issues than code written solely by humans. Logic and correctness issues were 75% more common in AI-authored code, and readability problems increased more than threefold.
- The Department of Defense (DoD) is establishing comprehensive frameworks for AI implementation, including the 2023 Data, Analytics, and AI Adoption Strategy, which sets the direction for AI deployment to gain a decision-making advantage. Contractors must align with the DoD's five Responsible AI Tenets: Responsible, Equitable, Traceable, Reliable, and Governable.
- The 2025 National Defense Authorization Act (NDAA) includes numerous provisions to reshape the military's approach to AI, such as establishing an alternative test and evaluation pathway for new software acquisition programs to increase agility. It also directs the intelligence community to track the efficacy and safety of its AI systems and tasks the DoD with creating a comprehensive AI assessment framework.
- Legacy system vulnerabilities pose a significant threat to AI security, with attackers recycling proven methods like code injection and SQL injection in AI environments, which can magnify their impact. A significant number of common AI weaknesses overlap with the most exploited Common Weakness Enumerations (CWEs) and the OWASP Top 25.
- The Small Business Innovation Research (SBIR) and Small Business Technology Transfer (STTR) programs offer critical early-stage funding for technology-focused small businesses. Success stories include Endurica, which, with a DoD SBIR grant, tested its predictive software on Abrams tanks, and SubUAS, which developed a drone capable of operating in both air and water with STTR funding.
- AI security tools are becoming essential, with one report indicating that one in five organizations has already experienced a serious security incident linked to AI-generated code. These tools use AI for vulnerability detection, intelligent triage, and automated remediation to help security teams keep pace with accelerated development cycles.
- To address compliance, the DoD's Responsible AI Toolkit (2023) provides practical resources, including templates and assessment guides, to help contractors align with departmental standards. A recommended implementation timeline suggests contractors should designate an AI compliance lead immediately, complete a gap assessment within 30 days, and document their AI governance framework within 90 days.
- The interaction between AI tools and unmodernized legacy infrastructure creates new attack vectors, as AI systems often require broad network access. An attacker who breaches a connected legacy system could hijack the AI's credentials, enabling lateral movement across networks and turning the AI into an unwitting accomplice in a larger breach.