ChatGPT Security Guide

Should I security review ChatGPT code?

Every piece of ChatGPT-generated code should undergo security review before being used in production applications. The model has no awareness of your application's security context, threat model, or compliance requirements when it generates code. Code that appears functional in development may contain subtle vulnerabilities that only manifest under adversarial conditions, such as race conditions, authentication bypasses, or insecure deserialization. Manual code review combined with automated scanning provides the strongest coverage. UNPWNED complements manual review by performing automated security testing on your deployed application to catch issues that code review alone might miss.
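To illustrate code that passes functional tests yet fails under adversarial input, here is an added example (not from this guide and not the output of any model): a session-token verifier that trusts the token's own header, next to a hardened form a reviewer would ask for. The token format, the function names and the `SECRET` value are all constructed for this illustration.

```python
import base64, hashlib, hmac, json

SECRET = b"constructed-demo-key"  # constructed value, for this example only

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _mac(head: str, body: str) -> bytes:
    return hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()

def issue(claims: dict) -> str:
    """Issue header.payload.signature, signed with HMAC-SHA256."""
    head = _b64(json.dumps({"alg": "HS256"}).encode())
    body = _b64(json.dumps(claims).encode())
    return f"{head}.{body}.{_b64(_mac(head, body))}"

def verify_naive(token: str):
    """Passes happy-path tests, but lets the token choose how it is checked."""
    head, body, sig = token.split(".")
    if json.loads(_unb64(head))["alg"] == "none":   # caller-controlled field
        return json.loads(_unb64(body))             # accepted with no signature
    return json.loads(_unb64(body)) if sig == _b64(_mac(head, body)) else None

def verify_hardened(token: str):
    """Pins the algorithm server-side, compares in constant time, fails closed."""
    try:
        head, body, sig = token.split(".")
        if json.loads(_unb64(head)).get("alg") != "HS256":
            return None
        if not hmac.compare_digest(_unb64(sig), _mac(head, body)):
            return None
        return json.loads(_unb64(body))
    except (ValueError, KeyError, TypeError, AttributeError):
        return None

def unsigned_token(claims: dict) -> str:
    """Constructed review input: same format, header says 'none', empty signature."""
    head = _b64(json.dumps({"alg": "none"}).encode())
    return f"{head}.{_b64(json.dumps(claims).encode())}."

if __name__ == "__main__":
    probe = unsigned_token({"user": "alice", "admin": True})
    print("naive accepts unsigned token:   ", verify_naive(probe) is not None)
    print("hardened accepts unsigned token:", verify_hardened(probe) is not None)
```

Both verifiers return the same result for every token produced by `issue`, which is why a functional test suite alone does not separate them; only the negative case does.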

Last reviewed: 2026-04-07. Based on publicly available security research and UNPWNED scan telemetry.