Never run or merge AI-generated code until a person reviews the exact diff, dependencies and commands. A plausible code block does not carry accountability.
Define intent
Write what the change should do and must not touch. Review small diffs; sprawling refactors can hide unrelated deletions.
Check dangerous edges
- Authentication and authorization.
- Input validation and injection.
- Secrets and environment files.
- Shell commands and network calls.
- New packages and install scripts.
- Logs that may expose data.
Verify dependencies
Confirm every package exists in the official registry and is the intended project. Models can invent believable names. Inspect lockfile changes before installing.
Test failure paths
Add tests for malformed input, missing permissions, timeouts and repeats. Run static analysis and the existing suite. A generated test repeating the implementation is not independent evidence.
Keep the branch protections used for any unfamiliar contributor. Speed matters only while the review surface remains understandable.
Run it in a contained environment
Use a disposable branch, test account, container or sandbox with no production secrets. Deny outbound network access unless the test requires it. A review can miss a command hidden in a build hook, so containment complements—not replaces—reading the code.
Trace data through the change
Identify every input, transformation, storage location and output. Check authorization at the server boundary rather than trusting a generated user interface. Confirm logs do not capture passwords, tokens or full uploaded documents.
Challenge the happy path
Try an empty value, oversized input, wrong account, expired token, duplicate request and interrupted network call. Check that retries do not create duplicate charges or records. Security failures often live where the sample prompt did not ask the model to look.
Keep attribution and licensing visible
Do not accept the model's assurance that code is original or license-safe. Review suspiciously distinctive blocks, package licenses and repository policy. Record AI assistance if the project's contribution rules require it.
Review configuration alongside source
Generated infrastructure files can expose a service publicly, weaken security headers or grant a wildcard permission even when the application code looks harmless. Include manifests, workflow files, database migrations and deployment settings in the diff. Run a dry deployment and inspect the planned resources before applying changes to a live account.
Have a second reviewer inspect high-impact changes without first reading the model's explanation. Independent review can catch assumptions that the generated summary made sound settled, especially around permissions, destructive migrations and fallback behavior.
Require a clean review before merge.
Sources & methodology2 sources - evidence for this revision
The records below show what each source supports in this published revision.
- OWASP Top 10 for LLM ApplicationsOWASPreference - Retrieved Jul 12, 2026
What it supportsOWASP identifies insecure output, supply-chain and excessive-agency risks.
- Secure by DesignCISAreference - Retrieved Jul 12, 2026
What it supportsCISA promotes secure defaults.



