Reviewing AI-generated code for security: a checklist
AI assistants are confident, fast, and routinely produce subtly insecure code. Here's a pragmatic review checklist.
AI-generated code passes typecheck, passes tests, and often passes review. It also fails the kind of security questions that only get asked when something goes wrong. Here is a checklist short enough to actually use on every PR.
Inputs
- Every external input is validated against an explicit schema, not just type-coerced.
- Bounds and length checks exist on anything user-controlled.
- File uploads have size limits, type checks, and don't trust client-provided names.
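The three input checks above, as an added example that is not from the original post: an explicit schema for a JSON metadata payload (exact field set, strict types with no coercion, bounds on every field) and an upload validator that enforces a size limit first, identifies the content by its leading bytes rather than the declared type, and discards the client-supplied filename in favour of a server-chosen one. The size, length and content-type policy values are assumptions for this example.

```python
import re
import uuid
from dataclasses import dataclass

# Policy values are assumptions for this example, not numbers from the post.
MAX_UPLOAD_BYTES = 5 * 1024 * 1024
MAX_TITLE_LEN = 120
MAX_TAGS = 10
# Content is identified by its leading bytes, never by the client's declared type alone.
MAGIC = {
    "image/png": b"\x89PNG\r\n\x1a\n",
    "image/jpeg": b"\xff\xd8\xff",
}
EXTENSION = {"image/png": "png", "image/jpeg": "jpg"}


class ValidationError(ValueError):
    pass


@dataclass(frozen=True)
class Upload:
    client_filename: str   # kept for logging only; never used to build a path
    declared_type: str
    body: bytes


def check_field(payload, name, typ, *, max_len=None, lo=None, hi=None):
    """Strict presence and type check with no coercion: "5" is not accepted as 5,
    and True is not accepted as 1."""
    if name not in payload:
        raise ValidationError(f"missing field: {name}")
    value = payload[name]
    if type(value) is not typ:
        raise ValidationError(f"{name}: expected {typ.__name__}")
    if max_len is not None and len(value) > max_len:
        raise ValidationError(f"{name}: longer than {max_len}")
    if (lo is not None and value < lo) or (hi is not None and value > hi):
        raise ValidationError(f"{name}: out of range")
    return value


def validate_metadata(payload):
    """Explicit schema: exactly these fields, each with a type and a bound."""
    allowed = {"title", "tags", "retention_days"}
    unknown = set(payload) - allowed
    if unknown:
        raise ValidationError(f"unknown fields: {sorted(unknown)}")
    title = check_field(payload, "title", str, max_len=MAX_TITLE_LEN)
    tags = check_field(payload, "tags", list, max_len=MAX_TAGS)
    if not all(type(t) is str and 1 <= len(t) <= 32 for t in tags):
        raise ValidationError("tags: each tag must be a string of 1..32 characters")
    days = check_field(payload, "retention_days", int, lo=1, hi=365)
    return {"title": title.strip(), "tags": tags, "retention_days": days}


def sniff_type(body):
    """Return the allowed content type whose signature the body starts with, else None."""
    for ctype, magic in MAGIC.items():
        if body.startswith(magic):
            return ctype
    return None


def validate_upload(upload, user_id):
    """Size bound first, then content sniffing, then a server-chosen filename."""
    if not 0 < len(upload.body) <= MAX_UPLOAD_BYTES:
        raise ValidationError("body size out of bounds")
    actual = sniff_type(upload.body)
    if actual is None or actual != upload.declared_type:
        raise ValidationError("content does not match an allowed type")
    # The client name (which may carry '../' or an executable suffix) is never used.
    stored_name = f"{user_id}-{uuid.uuid4().hex}.{EXTENSION[actual]}"
    return stored_name, actual
```

The order inside `validate_upload` matters: the length check runs before any byte of content is inspected, so an oversized body is rejected without being parsed.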
Authorization
- Every server endpoint that returns data confirms the caller is allowed to see it.
- IDs in URLs are checked against the current user, not just looked up.
- Admin-only routes verify role server-side, never relying on UI state.
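The three authorization checks above, as an added example that is not from the original post. It shows the lookup pattern a reviewer should flag (an ID from the URL is fetched but never tied to the caller) beside the hardened read, an identity that is resolved from a server-side session rather than from anything in the request, and a role decorator for admin routes that ignores a client-supplied flag. The session store, invoice table and role name are constructed for the example.

```python
from dataclasses import dataclass


class Forbidden(Exception):
    pass


class NotFound(Exception):
    pass


@dataclass(frozen=True)
class User:
    id: str
    roles: frozenset


@dataclass(frozen=True)
class Invoice:
    id: str
    owner_id: str
    amount_cents: int


# Constructed sample data: a server-side session store and an invoice table.
SESSIONS = {
    "tok-alice": User("alice", frozenset()),
    "tok-bob": User("bob", frozenset()),
    "tok-root": User("root", frozenset({"admin"})),
}
INVOICES = {
    "inv-1": Invoice("inv-1", "alice", 1200),
    "inv-2": Invoice("inv-2", "bob", 800),
}


def current_user(session_token):
    """Identity comes from the server-side session, never from a field in the request."""
    user = SESSIONS.get(session_token)
    if user is None:
        raise Forbidden("not signed in")
    return user


def get_invoice_unchecked(invoice_id):
    """The pattern to flag in review: the ID from the URL is looked up, but nothing
    confirms that the caller is allowed to see the record."""
    return INVOICES[invoice_id]


def get_invoice(session_token, invoice_id):
    """Hardened read: the record must belong to the caller, or the caller must be an admin."""
    user = current_user(session_token)
    inv = INVOICES.get(invoice_id)
    if inv is None or (inv.owner_id != user.id and "admin" not in user.roles):
        # One answer for "does not exist" and "not yours", so probing IDs confirms nothing.
        raise NotFound(invoice_id)
    return inv


def require_role(role):
    """Decorator: the role is read from the server-side user record on every call."""
    def decorate(fn):
        def wrapper(session_token, *args, **kwargs):
            if role not in current_user(session_token).roles:
                raise Forbidden(f"requires role {role}")
            return fn(session_token, *args, **kwargs)
        return wrapper
    return decorate


@require_role("admin")
def delete_invoice(session_token, invoice_id, request_body=None):
    """Admin-only route. request_body may carry a client-set flag such as
    {"is_admin": true}; it is deliberately ignored, because UI state is not authorization."""
    INVOICES.pop(invoice_id, None)
    return True
```

The review question for every handler shaped like `get_invoice_unchecked` is simply: where is the line that compares the record's owner to the caller? If it is not in the handler and not in the data-access layer, it is missing.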
Data handling
- No secrets in logs, error messages, or returned payloads.
- Passwords are hashed with a current algorithm, never stored or echoed.
- PII is only present in responses that the caller is authorized to receive.
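The three data-handling checks above, as an added example that is not from the original post: password storage with salted scrypt from the Python standard library (the stored string carries its own cost parameters so they can be raised later), a log redactor that strips credential values before a line is written, and a response serializer that releases PII only to the account owner or an admin and never releases the hash or token. The scrypt parameters and the redaction patterns are assumptions for this example.

```python
import hashlib
import hmac
import os
import re
from dataclasses import dataclass

# Assumed cost parameters for this example (128 * r * n bytes of memory: 16 MiB here).
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1


def hash_password(password):
    """Salted scrypt; the output records algorithm and parameters alongside salt and digest."""
    salt = os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt,
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    return f"scrypt${SCRYPT_N}${SCRYPT_R}${SCRYPT_P}${salt.hex()}${digest.hex()}"


def verify_password(password, stored):
    """Recompute with the parameters stored next to the hash; constant-time comparison."""
    algo, n, r, p, salt_hex, digest_hex = stored.split("$")
    if algo != "scrypt":
        return False
    digest = hashlib.scrypt(password.encode(), salt=bytes.fromhex(salt_hex),
                            n=int(n), r=int(r), p=int(p), dklen=32)
    return hmac.compare_digest(digest.hex(), digest_hex)


@dataclass(frozen=True)
class Account:
    id: str
    display_name: str
    email: str            # PII: owner or admin only
    password_hash: str    # secret: never leaves the server
    api_token: str        # secret: never leaves the server


def to_response(account, caller_id, caller_is_admin=False):
    """Field-level authorization: build the payload up from public fields rather than
    serializing the whole record and deleting the dangerous ones afterwards."""
    payload = {"id": account.id, "display_name": account.display_name}
    if caller_id == account.id or caller_is_admin:
        payload["email"] = account.email
    return payload


# Constructed (pattern, replacement) pairs for values that must not reach a log line
# or an error message. Only backslashes are special in the replacement strings.
SECRET_PATTERNS = [
    (re.compile(r"(?i)\b(password|passwd|pwd)=[^&\s]+"), r"\g<1>=[REDACTED]"),
    (re.compile(r"(?i)\b(api[_-]?key|token|secret)=[^&\s]+"), r"\g<1>=[REDACTED]"),
    (re.compile(r"(?i)(authorization:\s*bearer\s+)\S+"), r"\g<1>[REDACTED]"),
    (re.compile(r"scrypt\$\S+"), "scrypt$[REDACTED]"),
]


def redact(text):
    """Replace the value part of every matched secret before the text is logged or returned."""
    for pattern, replacement in SECRET_PATTERNS:
        text = pattern.sub(replacement, text)
    return text


def safe_error_message(exc):
    """What the client sees: a fixed message, never the exception text, which may embed
    connection strings, file paths or the failing query."""
    return "request failed"
```

The redactor is a backstop, not the primary control: the reviewer's first question is still why a secret was in the string at all.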
Dependencies and execution
AI assistants will sometimes suggest packages that don't exist, or that exist but are abandoned. Verify every new dependency: a real maintainer, recent commits, and a reasonable download count. Watch especially for packages whose names are one or two characters away from popular ones; typosquatting is a known supply-chain attack.
Never execute strings constructed from user input as code or shell commands, no matter how 'safe' the assistant claims it is.
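The dependency and execution checks above, as an added example that is not from the original post. The first half is a pre-install review helper: it compares a proposed package name against a list of well-known names by edit distance and applies the maintainer, release-age and download thresholds as findings (the list, the thresholds and the registry metadata dict are constructed for the example; in practice the metadata comes from your registry's API). The second half shows how to invoke a tool with user-supplied values without ever building a shell string: the fixed part of the command lives in code, each user value is checked against a conservative character class, and the process is started with an argv list and no shell.

```python
import re
import subprocess

# Constructed allowlist of well-known names; source it from your lockfile or internal
# registry in practice.
KNOWN_PACKAGES = ["requests", "urllib3", "numpy", "cryptography", "pyyaml", "boto3"]
# Review thresholds are assumptions for this example.
MAX_NAME_DISTANCE = 2
MAX_DAYS_SINCE_RELEASE = 365
MIN_WEEKLY_DOWNLOADS = 10_000


def edit_distance(a, b):
    """Levenshtein distance by the standard two-row dynamic programme."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def normalize(name):
    """Registries treat '-', '_' and '.' as equivalent; compare names the same way."""
    return re.sub(r"[-_.]+", "-", name.strip().lower())


def review_dependency(name, meta):
    """Return a list of findings; an empty list means the package passed the checklist.
    meta is the registry record for the package, or None if the registry has no such package."""
    findings = []
    n = normalize(name)
    for known in KNOWN_PACKAGES:
        k = normalize(known)
        if n != k and edit_distance(n, k) <= MAX_NAME_DISTANCE:
            findings.append(f"name is within {MAX_NAME_DISTANCE} edits of '{known}' (possible typosquat)")
    if meta is None:
        findings.append("package not found in registry (possibly hallucinated)")
        return findings
    if not meta.get("maintainers"):
        findings.append("no listed maintainer")
    if meta.get("days_since_release", 10 ** 6) > MAX_DAYS_SINCE_RELEASE:
        findings.append("no release in over a year (possibly abandoned)")
    if meta.get("weekly_downloads", 0) < MIN_WEEKLY_DOWNLOADS:
        findings.append("low download count")
    return findings


# User-controlled arguments: a conservative character set, no leading '-' (so the value
# cannot be parsed as an option by the tool) and no '..' segments.
SAFE_ARG = re.compile(r"[A-Za-z0-9][A-Za-z0-9_./:@-]{0,255}")


def build_argv(fixed, user_args):
    """Compose argv from a fixed prefix written in code and validated user values.
    Because no shell is involved, ';', '|', '$(...)' and backticks carry no meaning."""
    for arg in user_args:
        if not SAFE_ARG.fullmatch(arg) or ".." in arg:
            raise ValueError(f"rejected argument: {arg!r}")
    return [*fixed, *user_args]


def run_tool(fixed, user_args, timeout=10):
    """Run the tool with an argv list, shell=False, and a timeout; return its stdout."""
    argv = build_argv(fixed, user_args)
    result = subprocess.run(argv, shell=False, capture_output=True, text=True,
                            check=True, timeout=timeout)
    return result.stdout
```

`build_argv` is pure and easy to unit-test on its own; keeping the fixed flags in the `fixed` list rather than in `user_args` is what lets the validator reject every user value that begins with a dash.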
Make it routine
Stick this list in your PR template. It takes thirty seconds to run through and catches the majority of preventable issues. Security isn't about brilliant analysis; it's about not skipping the obvious checks.