# Larson: Are insecure code completions a vulnerability?

> Source: <https://lwn.net/Articles/1077413/>
> Published: 2026-06-10 16:43:14+00:00

Seth Larson, the Python Software Foundation's [security
developer-in-residence](https://pyfound.blogspot.com/2023/06/announcing-our-new-security-developer.html), has [written
about](https://sethmlarson.dev/are-insecure-code-completions-a-vulnerability) the difficulty in classifying insecure code completion in
the [PyCharm IDE](https://www.jetbrains.com/pycharm/) using
its [Full
Line code completion](https://www.jetbrains.com/help/pycharm/full-line-code-completion.html) plugin. Larson discovered that the plugin,
which uses a local "deep learning module" to offer code completions,
suggests code that would lead to severe vulnerabilities. He was unsure
whether it warranted a CVE or not, however:

> I reported this behavior to JetBrains for "Full Line Code Completion" v253.29346.142 and clearly their support staff weren't certain whether this defect was a security vulnerability or not either. When I asked to publish a blog post about this behavior after they confirmed this report wasn't a "direct security vulnerability" (which I agree with), I was then asked not to publicize my report and referred to PyCharm's [Coordinated Disclosure Policy]. So... which is it? Security vulnerability or not?
>
> I ended up waiting the 90 days anyway and I didn't hear back with any substantive update from the development team. I double-checked again today using "Full Line Code Completion" v261.24374.152 and the behavior is identical, suggesting the same insecure code for both contexts.
>
> This isn't meant to be a specific dig at PyCharm or JetBrains; I have no doubt that examples like this exist in every code generation model available.
