Windsurf Security Guide

Is code generated by Windsurf secure?

Windsurf is an AI-powered code editor by Codeium that generates code based on context from your codebase and natural language prompts. Like all AI-generated code, the output quality depends on the training data and the specificity of the prompt, and it may include common security antipatterns found in open-source repositories. Windsurf does not perform security analysis on the code it generates, so vulnerabilities like hardcoded secrets, missing input validation, or insecure defaults can appear in the output. The generated code should always be reviewed for security before deployment. UNPWNED can scan applications built with Windsurf-generated code to catch vulnerabilities that slipped through code review.

Last reviewed: 2026-04-07. Based on publicly available security research and UNPWNED scan telemetry.