UnixTime

Research Note

AI-Generated Code Security Review Checklist

Use this checklist when code, scripts, infrastructure-as-code, tests, or configuration snippets are generated by AI or other automated code-generation tools.

On this page

When to use this

Use this checklist when code, scripts, infrastructure-as-code, tests, or configuration snippets are generated by AI or other automated code-generation tools.

Checklist

  • Generated code has a human owner.
  • Code is reviewed against the applicable secure coding standard.
  • Secrets and credentials are checked.
  • Dependency choices are reviewed.
  • Input/output handling is reviewed.
  • Authentication and authorization assumptions are reviewed.
  • Tests are written or updated.
  • Licence/IP risk is considered where relevant.
  • Findings are tracked to closure.

Review record

Component Generator/tool Human reviewer Risk areas checked Findings Accepted?
TBD TBD TBD TBD TBD Yes/No