Seth Larson reports that PyCharm’s local Full Line Code Completion plugin suggested disabling urllib3 TLS warnings and certificate verification, using the case to examine whether insecure AI-generated coding suggestions should be treated as vulnerabilities and how vendors should handle disclosure.
Are insecure code completions in PyCharm a vulnerability?
Source: Sethmlarson