sethmlarson.dev

June 10, 2026

Are insecure code completions a vulnerability?

Every available code-generation LLM will at some point suggest insecure code as part of “code completion”. Should this behavior be considered a vulnerability? This post details a single concrete example I experienced with the bundled PyCharm “Full Line Completion” plugin in a project I am familiar with (urllib3).

Read more: https://sethmlarson.dev/are-insecure-code-completions-a-vulnerability
