Does ChatGPT write vulnerable code?
Yes, ChatGPT regularly produces code with security vulnerabilities. Studies have shown that AI-generated code contains exploitable flaws in a significant percentage of cases, particularly in areas like authentication, input handling, and database queries. The model tends to prioritize code that works functionally over code that is secure, often omitting error handling, access controls, and security headers. ChatGPT also cannot verify that its suggestions are safe for your specific deployment environment. UNPWNED identifies these AI-introduced vulnerabilities by scanning the deployed application and comparing its security posture against industry standards.
Last reviewed: 2026-04-07. Based on publicly available security research and UNPWNED scan telemetry.