
Key facts.
- CSET's 2024 review cites studies finding roughly 40% of Copilot-generated programs vulnerable and others higher (for example 68% and 73% in specific evaluations), while noting security evaluation is highly complex.source
- CSET frames three risk categories, including models generating insecure code and downstream effects that compound over time.source
- An agent can produce changes faster than a team can review or understand them, widening the gap between what changed and what anyone can account for.source
- CSET cites studies finding ~40% of generated code vulnerable; a bigger model ships more changes you cannot audit, so the incident hides. (arXiv:2507.09089)
Why is hard-to-audit the expensive part?
Auditability is what lets you reason about risk. Without it, the risk doesn't disappear. It just becomes invisible. CSET's review gathers the security picture: a large fraction of AI-generated code carries vulnerabilities. The exact share depends on the study and the method, and assessing it is genuinely hard. Now combine that with changes you cannot easily trace. If you cannot tell what the agent altered, why it altered it and whether each change is sound, a steady stream of possibly-vulnerable code is entering your system in a form you cannot inspect. The cost isn't any single change. You've lost the ability to answer basic questions: what is in production, why is it there, what happens if we remove it. An unreviewable change is a permanent unknown you carry forever.
Reversibility is the other half. A change you cannot cleanly revert is a commitment you cannot take back. A bad change isn't a temporary problem you roll back. It's a tangle you have to live with or unpick at great cost. Speed of generation makes this worse, because the agent accumulates hard-to-audit, hard-to-revert changes faster than humans can keep up. The productivity that felt like a win becomes a backlog of risk nobody can see into.

What keeps changes accountable?
Require auditability and reversibility as conditions of every agent change, not nice-to-haves. Each change should carry a clear record of what it altered and why, in a form a human can review, and should be revertible cleanly. Cap the rate of change to what your team can actually audit, so generation speed does not outrun understanding. Never accept a change you cannot account for or take back. CSET's numbers say a meaningful share of those changes are flawed, and an unauditable flaw is one you pay for indefinitely.
| Change property | What you can do |
|---|---|
| Opaque, hard to revert | Carry invisible, permanent risk |
| Auditable and revertible | Inspect, reason about and undo |
Keeping changes accountable is part of what VibeModel does as the Pattern Intelligence Layer. We model the patterns of an auditable, revertible change and flag the ones that are not. Agent-driven speed does not become risk your team can no longer see or undo.
Frequently asked questions
Why does auditability matter if the code works?
Because a large share of generated code is vulnerable and an unauditable flaw is one you cannot find or reason about. Working today is not safe forever.
Isn't reverting always possible with version control?
Cleanly reverting a tangled, fast-accumulated set of agent changes is often hard. Reversibility has to be a design requirement, not an afterthought.
How fast should agents change code?
No faster than your team can audit. Generation speed that outruns understanding is how invisible risk accumulates.

