DAST for AI-Generated Code: Tools, Workflow & What Gets Caught

AI coding assistants ship plausible-looking code that frequently nobody reviewed line by line. DAST tests the running app for the runtime gaps that survive review. Here is what to run, when, and what to expect.

··12 min read·By ismycodesafe.com Security Team

Key Takeaway

DAST tests your running app from the outside - no source code needed - and catches the runtime gaps AI-generated code consistently leaves: missing security headers, exposed debug endpoints, broken auth flows, and permissive CORS. Run SAST tools (Semgrep, CodeQL) in CI on every commit to catch code-level flaws earlier. Wire both into a DevSecOps pipeline and you cover what neither catches alone.

Why DAST for AI-Generated Code

A 2023 Stanford University study found that developers using AI coding assistants produced significantly less secure code than those writing manually - and were more confident their code was secure. That confidence gap is the actual problem. The code looks finished. It compiles. Tests pass. But Snyk's 2023 research found security flaws in roughly 4 out of 5 AI code suggestions across multiple languages. The vulnerabilities were not exotic. They were textbook: missing input validation, insecure defaults, hardcoded credentials, absent authentication checks.

DAST (Dynamic Application Security Testing) is well-suited to this problem because it does not need source code. It tests the running application by sending real requests and observing responses - exactly as an attacker would. It finds the issues that only appear when the app is actually live: the missing Content-Security-Policy header that the AI never thought to add, the debug endpoint left open because the model copied a tutorial, the permissive CORS that exposes every authenticated route. Static review and SAST tools catch what is visible in the code. DAST catches what only shows up when the code is running.

For a full breakdown of how DAST differs from SAST and when to run each, see SAST vs DAST: When to Use Each. This article focuses on the AI-generated code angle: which tools to run, what patterns to expect, and how to build a DevSecOps pipeline that handles code you did not write line by line.

What DAST Finds

AI tools optimize for the happy path. They generate code that handles the normal case cleanly, then skip the tedious parts - security headers, authentication edge cases, error responses that do not leak stack traces. DAST is built to find exactly those gaps:

  • Missing or misconfigured security headers. Content-Security-Policy, Strict-Transport-Security, X-Frame-Options, and X-Content-Type-Options are absent from most AI-generated backends unless the developer explicitly asked for them. DAST hits the live server and checks.
  • Exposed debug endpoints. AI-generated code often includes /debug/, /api-docs, GraphQL playground, and verbose error responses that were reasonable in development and should not have made it to staging.
  • Authentication gaps. AI tools generate auth flows that work for the demo but fail under real adversarial requests: session tokens that do not expire, password reset flows that accept any token, admin routes accessible without credentials.
  • Reflected inputs. When SAST flags a possible injection and DAST later confirms the endpoint is exploitable, you have a real bug. DAST confirms exploitability against the live target, cutting false-positive fatigue.
  • Server misconfiguration. Default admin panels, open directory listings, unnecessary HTTP methods - things the AI never touched but the server exposes by default.

DAST Tools

Four DAST tools come up in practice. None require source code access, only a URL to hit.

  • OWASP ZAP. The most widely adopted free DAST tool. ZAP runs full spider and active scan modes, integrates as a GitHub Action, and produces structured reports you can gate a CI job on. Good starting point for teams without a dedicated security team.
  • Nuclei. ProjectDiscovery's Nuclei is template-driven and fast. It scans for thousands of known vulnerability patterns and CVEs, runs well in CI, and the template library is community-maintained. Useful when you want targeted checks rather than a full spider crawl.
  • Nikto. A lightweight scanner for quick surface checks: outdated server software, dangerous HTTP methods, default files, and server misconfigurations. Fast enough to run on every staging deploy before it gets more complete ZAP coverage.
  • Burp Suite Community Edition. The industry standard for manual security testing. The free version lacks automation but is the right tool for investigating a specific finding from DAST or reproducing a vulnerability manually.
  • ismycodesafe.com. Runs a black-box DAST pass against your live site without requiring source access or configuration. Covers security headers, exposed endpoints, SSL/TLS, open ports, and AI-generated code patterns in a single scan. Useful when you want coverage without managing a ZAP installation.

SAST Tools

DAST runs against the live app and finds runtime gaps. SAST runs against the source code and finds code-level flaws before merge. The two catch different things. Here are the tools worth integrating:

  • Semgrep. Semgrep runs as a CI check on every pull request. The free ruleset covers injection patterns, hardcoded secrets, and dangerous function calls across Python, JavaScript, TypeScript, Go, and Ruby. Fast enough to run without slowing the PR workflow.
  • CodeQL.GitHub's native static analysis engine, free for open source. It does dataflow analysis - it traces untrusted input from the entry point through every function call until it reaches a sink, which makes it more precise on injection and XSS than pattern-matching tools.
  • Bandit. Python-specific. Fast, opinionated, and easy to add as a pre-commit hook. Catches SQL injection candidates, weak cryptography, hardcoded passwords, and subprocess calls with shell=True - all patterns that appear frequently in AI-generated Python.
  • ESLint security plugins. eslint-plugin-security and eslint-plugin-no-secrets add security-specific rules to an existing ESLint setup. Low overhead if you already have ESLint configured; useful for catching AI-generated JavaScript patterns that the model copied from insecure tutorials.
  • SonarCloud. Free for public repositories, paid for private. Covers a wide language set, tracks security debt across PRs, and integrates with GitHub, GitLab, and Bitbucket. More comprehensive than Semgrep but takes longer to set up.

DevSecOps Tools

The goal of a DevSecOps pipeline is to gate security at every stage - commit, PR, staging deploy, production release - so a finding has a known owner and a known fix point before it ships. These tools wire SAST and DAST into that pipeline:

  • Snyk. Snyk integrates with GitHub as a PR check and scans dependencies, containers, and code. The free tier covers open source projects. It blocks merges on critical vulnerabilities and automatically opens PRs to update vulnerable dependencies - useful when AI-generated code pulls in packages it does not need.
  • detect-secrets. Yelp's detect-secrets runs as a pre-commit hook and blocks commits containing credential patterns: API keys, connection strings, private keys, and tokens. AI models frequently generate code with placeholder secrets that developers forget to remove; this catches them before they hit the repository.
  • GitHub Actions security workflows. GitHub provides first-party workflow templates for CodeQL (SAST on every PR) and ZAP (DAST on staging deploy). Adding both to .github/workflows/ takes under an hour and gives you coverage at every stage without additional tooling.
  • Dependabot. Automatically opens pull requests when dependencies have known CVEs. AI-generated code often pins older versions or pulls in packages it found in a training example; Dependabot keeps those current without manual tracking.
  • Trivy. Trivy scans container images and filesystems for known vulnerabilities in OS packages, language dependencies, and configuration files. If you ship Docker containers with AI-generated Dockerfiles, Trivy belongs in the build step.

What AI Code Gets Wrong

Five vulnerability classes show up repeatedly when scanning AI-generated codebases through ismycodesafe.com. DAST confirms the first two as runtime-exploitable against the live app; SAST catches the rest at the code level.

Missing CSRF Protection

AI tools routinely generate form handlers and API endpoints without CSRF tokens. The generated code accepts POST requests from any origin. An attacker can create a page that submits a form to your endpoint - changing passwords, transferring money, deleting data - while the victim's browser automatically includes their session cookie.

# AI-generated Flask route - no CSRF protection
@app.route('/transfer', methods=['POST'])
def transfer():
    amount = request.form['amount']
    to_account = request.form['to']
    process_transfer(current_user, to_account, amount)
    return redirect('/dashboard')

Permissive CORS

When a developer asks an AI tool to fix a CORS error, the most common suggestion is Access-Control-Allow-Origin: *. Combined with credentials: true, this allows any website to make authenticated requests to your API.

// AI-generated Express CORS setup - dangerously permissive
app.use(cors({ origin: '*', credentials: true }));

The safe version specifies allowed origins explicitly and never combines wildcards with credentials. DAST confirms the misconfiguration against the live server.

Hardcoded Secrets

AI models generate code with placeholder API keys and passwords that developers forget to replace. Semgrep and detect-secrets catch patterns like sk-proj-, AKIA, and password = "admin" before they reach the repository.

# AI-generated - secret in source code
STRIPE_KEY = "sk_test_51H..."
OPENAI_API_KEY = "sk-proj-..."

Exposed Debug Endpoints

AI-generated code often includes debug routes, verbose error logging, and development middleware that ships to production. DAST detects /debug/, /api-docs, GraphQL playground, and stack traces in error responses against the running app.

Missing Input Validation

AI suggestions typically trust all incoming data. Form inputs, query parameters, JSON bodies - used directly without type checking, length limits, or sanitization. SAST traces untrusted input to dangerous sinks. DAST confirms exploitability with real payloads.

Safe Workflow

AI coding tools are useful when you treat every suggestion as untrusted code from a developer who does not know your security requirements. The practical workflow:

  1. Add security context to prompts.Tell the model explicitly: "Include CSRF protection," "Use parameterized queries," "Load secrets from environment variables." The model will not add these by default.
  2. Run Semgrep or Bandit on every PR. Configure it as a required check. AI-generated code that introduces a SQL injection or hardcoded secret does not merge without a human reviewing the finding.
  3. Block secrets at commit time. Add detect-secrets as a pre-commit hook. It runs in milliseconds and catches credential patterns before they reach the repository.
  4. Run DAST against staging before release. OWASP ZAP or Nuclei against the staging build catches the runtime gaps that survived code review. Gate the production promotion on the scan result.
  5. Scan the deployed site periodically. Configuration drift, new dependencies, and infrastructure changes introduce vulnerabilities after deployment. Regular DAST catches what the pre-release scan missed.

The biggest risk is not the AI tool. It is the review process. Developers review AI-generated code less critically than code they wrote themselves, because the suggestion looks finished. Process compensates for that: automated security gates at commit, PR, staging, and production mean the code is verified regardless of how quickly the developer accepted the suggestion.

Check your website right now

110 security checks in 60 seconds. Free, no signup required.

Scan My Website (Free)

ismycodesafe.com Security Team

We run automated security scans on thousands of websites daily, combining static analysis, SSL/TLS inspection, header auditing, and CVE lookups. Our team tracks OWASP, NIST, and evolving compliance requirements (GDPR, NIS2, PCI DSS) to keep these guides accurate and practical.