
When an AI coder shipped hardcoded secrets

AWS's Amazon Q was pitched as a secure, enterprise-grade coding assistant. Security researchers found it generating code with hardcoded credentials, SQL injection, path traversal, and weak cryptography — the exact flaws security teams spend their careers eliminating.

Date: November 2023
Company: Amazon (AWS Amazon Q)
Impact: Enterprise security risk
Read: 5 min

The assistant wrote code a junior would be fired for

In November 2023, AWS launched Amazon Q at re:Invent — a coding and business assistant marketed as "enterprise-grade" and security-aware, designed to write, refactor, and explain code inside the tools developers already use.

Within weeks, security researchers and developers stress-testing the assistant found it happily producing code that violated the most basic principles of secure engineering: passwords and API keys pasted directly into source, SQL queries built by string concatenation, MD5 hashing for passwords, and base64 used as if it were encryption.

These aren't edge cases. They're the items on every OWASP Top 10 list, the things static-analysis tools exist to catch, and the exact vulnerabilities that get companies breached. The assistant generated them by default, often without warning.

AWS subsequently published security guidance reminding enterprises that AI-generated code must be reviewed by humans before it ships — implicitly conceding that the model alone could not be trusted as a security authority.

Nov 2023: Amazon Q announced. AWS unveils Q at re:Invent, positioning it as a secure, enterprise-ready generative-AI coding assistant.
Nov–Dec 2023: Researchers stress-test it. Security engineers prompt Q for authentication, database, and crypto code to probe its defaults.
Dec 2023: Vulnerabilities surface. Generated code contains hardcoded credentials, SQL injection, path traversal, and weak cryptography — by default, no warnings.
Late 2023: AWS issues guidance. Amazon publishes security recommendations: every AI-generated snippet requires human review before reaching production.
2024+: Adoption hesitation. Enterprise security teams slow-roll deployment, demanding review gates and static-analysis integration before approving Q for production codebases.

What Amazon Q actually generated

authenticate_user.py (generated by Amazon Q)

# Imports added so the snippet parses; the function body is left as generated.
import base64
import hashlib
import random

def authenticate_user(email, password):
    db_password = "admin123"             # hardcoded credential
    api_key = "sk_live_4f8d2a9c"         # hardcoded API key

    # SQL injection: the query is built by string concatenation
    query = "SELECT * FROM users WHERE email = '" + email + "'"
    result = db.execute(query)           # db: an existing connection, assumed to be in scope

    password_hash = hashlib.md5(password.encode()).hexdigest()   # MD5 is not a password hash
    session_token = str(random.random()) + "_key"                # non-cryptographic RNG

    # base64 is encoding, not encryption (the generated code called base64.encode, which takes file objects and would not run)
    return base64.b64encode(password.encode()).decode()

The flagged constructs are enterprise-grade security flaws: hardcoded credentials, SQL injection via string concatenation, MD5 password hashing, a non-cryptographic RNG for tokens, and base64 mistaken for encryption — all shipped in a single generated function.
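A hardened counterpart to the generated function, added here as an illustration (not code from Amazon Q or AWS): the API key is read from the environment (APP_API_KEY is an assumed variable name), the lookup is a parameterized sqlite3 query, passwords are hashed with salted PBKDF2 from the standard library instead of MD5, and the session token comes from a CSPRNG. The users table is constructed in memory so the module runs stand-alone.

```python
import hashlib
import hmac
import os
import secrets
import sqlite3

ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor per current OWASP guidance

def load_api_key() -> str:
    """Secrets come from the environment or a vault, never from a literal.
    ASSUMPTION: the deployment sets APP_API_KEY; a missing key is a startup error."""
    key = os.environ.get("APP_API_KEY")
    if not key:
        raise RuntimeError("APP_API_KEY is not set")
    return key

def hash_password(password: str, salt: bytes = b"") -> tuple:
    """Salted, iterated standard-library password hash in place of MD5."""
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

def verify_password(password: str, salt: bytes, expected: bytes) -> bool:
    """Constant-time comparison so timing does not reveal how much of the hash matched."""
    return hmac.compare_digest(hash_password(password, salt)[1], expected)

def authenticate_user(conn: sqlite3.Connection, email: str, password: str):
    """Parameterized lookup and a CSPRNG session token; returns None on failure."""
    row = conn.execute(
        "SELECT salt, password_hash FROM users WHERE email = ?", (email,)
    ).fetchone()
    if row is None or not verify_password(password, row[0], row[1]):
        return None
    return secrets.token_urlsafe(32)

def demo() -> bool:
    """Constructed in-memory users table so the module runs stand-alone."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (email TEXT PRIMARY KEY, salt BLOB, password_hash BLOB)")
    salt, digest = hash_password("correct horse battery")
    conn.execute("INSERT INTO users VALUES (?, ?, ?)", ("a@example.com", salt, digest))
    good = authenticate_user(conn, "a@example.com", "correct horse battery")
    wrong = authenticate_user(conn, "a@example.com", "admin123")
    # Quote characters in the email are bound as data, so they cannot alter the query.
    quoted = authenticate_user(conn, "a@example.com' OR '1'='1", "admin123")
    return good is not None and wrong is None and quoted is None

if __name__ == "__main__":
    print("hardened authenticate_user works:", demo())
```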

What it cost

4 classes: Hardcoded secrets, injection, path traversal, weak crypto — generated by default in a single assistant.
Guidance: AWS forced to publish security advisories reminding teams that AI code requires human review before production.
Trust: Confidence in AI coding assistants dented enterprise-wide — security teams demanded review gates before approval.

"AI-generated code can contain the same insecure patterns developers have been told to avoid for decades. Treat every suggestion as untrusted input until a human — and a scanner — have signed off."

— Security guidance issued following Amazon Q vulnerability reports

Three review criteria that would have caught this

Each criterion below maps to a real review task you can configure in the sample builder. A certified reviewer runs every AI-generated snippet against these before it reaches your codebase.

SEC-001: Scan for hardcoded secrets and credentials

Any password, API key, token, or connection string embedded in source is flagged. Secrets belong in a vault or environment — never in the code the model produces. The reviewer confirms every credential is externalized.

Reviewer instruction: "Does this code contain a literal password, key, or token? Run secret scan. If found → FAIL with reason 'hardcoded credential' and the offending line."

SEC-002: Check for OWASP Top 10 vulnerabilities

The generated code is run against injection, broken access control, and path-traversal checks. String-concatenated SQL, unsanitized file paths, and missing authorization are caught before merge — not after a breach.

Reviewer instruction: "Are queries parameterized? Are file paths validated? Is access controlled? Flag any OWASP Top 10 pattern. Return severity and the vulnerable construct."

SEC-003: Verify cryptographic implementations against standards

MD5, SHA-1, base64-as-encryption, and non-cryptographic RNGs are rejected. The reviewer confirms password hashing uses bcrypt/argon2, tokens use a CSPRNG, and encoding is never confused with encryption.

Reviewer instruction: "Is crypto used correctly per current standards? Reject md5/sha1 for passwords, base64 for secrecy, random.random() for keys. Suggest the standard-library replacement."
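The three criteria as an automated check, added here as an illustration and not the reviewer tooling this page describes: an AST walk over Python source that reports a finding per SEC rule (hardcoded string assigned to a secret-looking name, SQL built by concatenation, md5/sha1, random.random(), base64 as encryption). SAMPLE is a constructed copy of the generated snippet above, with the imports it needs, so the check runs against it offline.

```python
import ast, re

SECRET_NAME = re.compile(r"password|passwd|secret|api_key|apikey|token", re.I)
SQL_START = re.compile(r"\s*(select|insert|update|delete)\b", re.I)

def _call_name(node: ast.Call) -> str:
    """Dotted name of a call target, e.g. 'hashlib.md5'."""
    parts, f = [], node.func
    while isinstance(f, ast.Attribute):
        parts.append(f.attr)
        f = f.value
    if isinstance(f, ast.Name):
        parts.append(f.id)
    return ".".join(reversed(parts))

def _is_str(node) -> bool:
    return isinstance(node, ast.Constant) and isinstance(node.value, str)

def review(source: str) -> list:
    """Return (criterion, line, reason) findings for the three SEC rules."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Assign) and _is_str(node.value):
            # SEC-001: string literal assigned to a secret-looking name
            for t in node.targets:
                if isinstance(t, ast.Name) and SECRET_NAME.search(t.id):
                    findings.append(("SEC-001", node.lineno, f"hardcoded credential in {t.id}"))
        elif isinstance(node, ast.BinOp) and isinstance(node.op, ast.Add):
            # SEC-002: SQL statement built by '+' concatenation
            if any(_is_str(s) and SQL_START.match(s.value) for s in (node.left, node.right)):
                findings.append(("SEC-002", node.lineno, "SQL built by string concatenation"))
        elif isinstance(node, ast.Call):
            # SEC-003: weak hash, non-cryptographic RNG, base64 used as encryption
            name = _call_name(node)
            if name in ("hashlib.md5", "hashlib.sha1"):
                findings.append(("SEC-003", node.lineno, f"{name} is not a password hash"))
            elif name == "random.random":
                findings.append(("SEC-003", node.lineno, "random.random() is not a CSPRNG"))
            elif name.startswith("base64.") and "encode" in name:
                findings.append(("SEC-003", node.lineno, "base64 is encoding, not encryption"))
    return sorted(findings, key=lambda f: f[1])

# Constructed input: the generated snippet shown earlier on this page, plus its imports.
SAMPLE = '''
import base64, hashlib, random
def authenticate_user(email, password):
    db_password = "admin123"
    api_key = "sk_live_4f8d2a9c"
    query = "SELECT * FROM users WHERE email = '" + email + "'"
    result = db.execute(query)
    password_hash = hashlib.md5(password.encode()).hexdigest()
    session_token = str(random.random()) + "_key"
    return base64.b64encode(password.encode()).decode()
'''
```

Running review(SAMPLE) yields six findings, two per criterion, each with the line of the offending construct.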

Paste any AI-generated code. See what gets flagged.

This is a simplified version of what our reviewers see. Paste a code snippet (yours or a model's output) and run the check. The criteria above are applied automatically.

Don't ship the model's first draft

Every AI-generated line is untrusted until reviewed. Put certified reviewers and scanners between your assistant and your production code. 50% off your first $10 — live in under 5 minutes.
