sethmlarson.dev

June 10, 2026

Are insecure code completions a vulnerability?

Every available code-generation LLM will at some point suggest insecure code as part of “code completion”. Should this behavior be considered a vulnerability? This post details a single concrete example I experienced with the bundled PyCharm “Full Line Completion” plugin in a project I am familiar with (urllib3).

Read more: https://sethmlarson.dev/are-insecure-code-completions-a-vulnerability
