AI Code Security: Why False Negatives Beat Hallucinations

The News

Sonatype CTO and co-founder Brian Fox joined ECI Research’s Paul Nashawaty to discuss the widening gap between AI-accelerated software development and the security controls organizations apply to the code that AI generates. Fox argued that the most dangerous trend in AI-assisted development is not hallucination but its opposite: models that, having learned to stop recommending non-existent dependency versions, now frequently return false negatives, telling developers their dependency stack is clean when it contains known vulnerabilities. The core of Sonatype’s proposed fix is grounding AI models in real-time data feeds, delivered through mechanisms like Model Context Protocol (MCP) or retrieval-augmented generation (RAG), so that dependency recommendations and security assessments reflect the current threat landscape rather than a training snapshot that may be six months stale or older.

Analyst Take

The false-negative problem is more dangerous than hallucination

The framing of this conversation is important. The industry has spent considerable energy mocking AI hallucinations in code, treating the spectacle of a model inventing a non-existent library version as a serious liability. Fox makes a compelling case that it is not. A hallucinated dependency fails at build time, surfaces immediately, and gets corrected. The false negative, a model that confidently reports a vulnerable dependency stack as safe, creates persistent, invisible risk. Development teams move on assuming the assessment was meaningful. Vulnerability debt accumulates quietly. This is a materially worse outcome, and it is the direction frontier models have been trending as vendors optimize for accuracy on the dimensions that are easiest to measure.

For ITDMs, the business implication is direct: any organization using AI-assisted development without a real-time data layer integrated into its security toolchain is, as Fox puts it, running its security function on six-month-old information. That is not a theoretical risk. AI-generated code is already deeply embedded in enterprise pipelines. According to ECI Research’s 2026 Application Development: DevSecOps + AppSec survey, AI code governance is the #1 priority investment area for enterprise security teams heading into 2026. The market has already identified the problem. The question is whether organizations are solving it at the right layer.

Dependency management is the real attack surface

Fox’s argument highlights a shift that many developers already recognize but that security organizations are still working to operationalize: the greatest risk in AI-generated code often lies less in the first-party logic produced by the model than in the open source dependency graph it assembles. Modern applications have relied on open source components for decades, and AI coding assistants accelerate dependency selection while making those choices less visible to developers. If a model relies on outdated training data, it can recommend packages that have since been identified as vulnerable or continue to treat them as trustworthy without access to current security context. This reinforces the need for AI-assisted development to be paired with continuously updated software supply chain intelligence rather than static model knowledge alone.

Fox’s recommendation to ground AI models with real-time vulnerability intelligence through approaches such as Retrieval-Augmented Generation (RAG) or the Model Context Protocol (MCP) reflects a practical architectural direction that is gaining momentum across the industry. Realizing that vision, however, depends on more than the AI model itself. Organizations need trusted, curated, and continuously updated vulnerability data that can be injected into the model’s context, along with mature software composition analysis (SCA) processes and well-governed software repositories. Many enterprises are still building those capabilities. ECI Research’s 2026 Application Development: DevSecOps + AppSec survey found that 67.5% of respondents identified repository access controls as a software supply chain protection they currently enforce. While this makes repository governance the most widely deployed control, it also indicates that nearly one-third of organizations have yet to establish even this foundational capability. As AI-assisted development becomes more pervasive, the effectiveness of real-time grounding strategies will increasingly depend on the maturity of an organization’s broader software supply chain governance practices.

The agentic future makes this more urgent, not less

Fox gestures toward where this is heading: fully agentic coding workflows where AI systems write, test, and iterate on code with minimal human checkpoints. In that model, a bad dependency decision made early in a project compounds with every subsequent code generation cycle. The technical debt is not linear; it is recursive. The organizations that will fare worst are those that have adopted AI coding assistance for its velocity benefits while deferring the governance infrastructure that makes that velocity safe to deploy.

The competitive and regulatory pressure to move fast is real. ECI Research’s 2025 Application Development Day 0 survey found that 83.8% of respondents use code scan tools during CI/CD processes, which is an encouraging baseline. But code scanning during CI/CD is a detection mechanism, not a prevention mechanism. In a world where AI agents are generating dependency-laden code at machine speed, detection after the fact becomes an increasingly inadequate backstop. The investment priority has to shift toward governance at the point of generation: policy-encoded dependency rules, real-time intelligence feeds, and controls that the AI system itself can consume and act on before code is committed.

Looking Ahead

The Sonatype position, that dependency intelligence grounded in real-time data is the foundational security layer for AI-native development, is well-positioned for where the market is heading. As agentic workflows mature and the volume of AI-generated code in enterprise pipelines increases, the organizations that have encoded their open source policies as machine-readable rules will have a structural advantage. Those relying on tribal knowledge, human review at launch, or periodic scanning will find themselves managing an ever-growing backlog of vulnerabilities they cannot remediate fast enough to keep pace with the generation rate.

For security and platform engineering leaders, the near-term mandate is to treat AI code governance not as a future-state initiative but as an immediate gap to close. That means auditing whether AI coding tools in use today have any real-time security intelligence integration, establishing policy-as-code for dependency governance before agentic workflows are expanded, and ensuring that SCA tooling is connected to current data sources rather than static databases. The organizations that build this infrastructure now will be the ones that can responsibly scale AI-assisted development. Everyone else is accelerating toward a vulnerability debt crisis that will eventually surface in production, and probably at the worst possible moment.