{"slug": "larson-are-insecure-code-completions-a-vulnerability", "title": "Larson: Are insecure code completions a vulnerability?", "summary": "Python Software Foundation security developer Seth Larson reported that JetBrains' PyCharm IDE Full Line Code Completion plugin suggests code containing severe vulnerabilities, but JetBrains declined to classify the defect as a direct security vulnerability. Larson waited 90 days before publishing his findings, noting the same insecure code completions persisted in the latest plugin version. The incident highlights unresolved ambiguity in how AI-generated code suggestions should be treated under coordinated disclosure policies.", "body_md": "Seth Larson, the Python Software Foundation's [security\ndeveloper-in-residence](https://pyfound.blogspot.com/2023/06/announcing-our-new-security-developer.html), has [written\nabout](https://sethmlarson.dev/are-insecure-code-completions-a-vulnerability) the difficulty in classifying insecure code completion in\nthe [PyCharm IDE](https://www.jetbrains.com/pycharm/) using\nits [Full\nLine code completion](https://www.jetbrains.com/help/pycharm/full-line-code-completion.html) plugin. Larson discovered that the plugin,\nwhich uses a local \"deep learning module\" to offer code completions,\nsuggests code that would lead to severe vulnerabilities. He was unsure\nwhether it warranted a CVE or not, however:\n\nI reported this behavior to JetBrains for \"Full Line Code Completion\" v253.29346.142 and clearly their support staff weren't certain whether this defect was a security vulnerability or not either. When I asked to publish a blog post about this behavior after they confirmed this report wasn't a \"direct security vulnerability\" (which I agree with) but then was asked not to publicize my report and referred to PyCharm's [Coordinated Disclosure Policy] so... which is it? Security vulnerability or not?\n\nI ended up waiting the 90 days anyway and I didn't hear back with any substantive update from the development team. I double-checked again today using \"Full Line Code Completion\" v261.24374.152 and the behavior is identical, suggesting the same insecure code for both contexts.\n\nThis isn't meant to be a specific dig at PyCharm or JetBrains, I have no doubt that examples like this exist in every code generation model available.", "url": "https://wpnews.pro/news/larson-are-insecure-code-completions-a-vulnerability", "canonical_source": "https://lwn.net/Articles/1077413/", "published_at": "2026-06-10 16:43:14+00:00", "updated_at": "2026-06-11 17:52:48.524210+00:00", "lang": "en", "topics": ["ai-safety", "ai-products", "ai-tools", "machine-learning", "artificial-intelligence"], "entities": ["Seth Larson", "Python Software Foundation", "JetBrains", "PyCharm", "Full Line Code Completion"], "alternates": {"html": "https://wpnews.pro/news/larson-are-insecure-code-completions-a-vulnerability", "markdown": "https://wpnews.pro/news/larson-are-insecure-code-completions-a-vulnerability.md", "text": "https://wpnews.pro/news/larson-are-insecure-code-completions-a-vulnerability.txt", "jsonld": "https://wpnews.pro/news/larson-are-insecure-code-completions-a-vulnerability.jsonld"}}