Backslash Security Unveils Tools to Secure AI-Generated Code

Backslash Security has revealed that popular large language models (LLMs), including OpenAI's GPT-4.1, generate insecure code by default unless explicitly prompted with security guidelines. This was announced in a recent press release. The company tested seven versions of LLMs from OpenAI, Anthropic, and Google, finding that all models produced insecure code when given simple prompts. However, when prompted with security-focused instructions, the code's security improved significantly.

To address these security gaps, Backslash Security is launching several new features, including the Model Context Protocol (MCP) Server and rules for Agentic IDEs like Cursor and GitHub Copilot in VS Code. These tools aim to ensure that AI-generated code is secure from the outset by integrating security rules directly into the coding process. The company will demonstrate these capabilities at the RSA Conference 2025.

Backslash's new offerings include machine-readable rules that can be injected into prompts to cover Common Weakness Enumeration (CWE) cases and an IDE extension that provides security reviews for both human and AI-generated code. The MCP Server connects Backslash to AI tools, enabling secure coding and vulnerability scanning, thus supporting the emerging "vibe coding" paradigm where developers rely on AI to generate code based on intuition rather than formal planning.