Automated security reviews in Anthropic's Claude Code identify bugs but can create new risks by executing code during testing. While it finds some vulnerabilities effectively, it failed on more complex issues and misidentified dangerous code as safe. Researchers warn caution, suggesting AI's code review should not replace human oversight due to risks like prompt injection and naive decision-making. Recommendations include restricting production access and requiring human validation for risky AI actions.
https://www.theregister.com/2025/09/09/ai_security_review_risks/

