AI-generated code is shipping to production without security review. The tools that generate the code don’t audit it. The developers using the tools often lack the security knowledge to catch what the models miss. This is a growing blind spot in the software supply chain.
As a security professional it amuses me that you think non-AI generated code is manually reviewed for security. Either you are committed to code quality or you are not. If you are you have automated testing, standard architectural patterns and vulnerability scanning. Peer reviews are great but do not scale and are far from comprehensive.