AI-native and onchain workflows bring different risk profiles, which means your most important bugs have moved. Here's the data on where they went and why continuous, context-aware analysis is how to find them.
Where Your Bugs Hide Now: Findings From 1,200 Octane Reviews
There's no shortage of opinions about AI and security right now.
There is, however, a shortage of data. And the better our data, the better our decisions.
So we combed through a sample of 1,200 recent Octane analyses to see what patterns emerged across dozens of codebases, which statistics stood out, and what it all means for AI-native development and security.
Scope
- 1,200 Octane reviews across 65 discrete codebases
- Comprising 17,328 unique findings
- Broken down by severity:
  - 297 Critical
  - 1,971 High
  - 6,058 Medium
  - 5,338 Low
  - 3,664 Informational
Fresh code keeps producing fresh findings
Octane delivered at least one finding in 1,071 of the 1,200 reviews, meaning 10.8% of runs were entirely clean.
Of the 1,071 positive reviews, 94% surfaced at least one finding that was new to that codebase.
Measured against the set of all 1,200, 89% of reviews delivered at least one finding and 84% delivered at least one net-new finding.
Re-scanning the same codebase is almost never wasted. A single tweak to a line of code can ripple outward to meaningfully affect a critical part of your entire architecture. The risk surface keeps changing, making automated review on every PR the fastest way to catch vulnerabilities early.
Authorization issues are the biggest risk for AI-native applications

Software is increasingly becoming AI-native, which we'll define as any platform where core workflows are carried out by AI models or agents.
Of the 707 High and Critical findings Octane delivered for AI-native applications:
- 52% (368) are authorization failures, broken down as:
  - Cross-tenant / multi-tenancy: 26% (181)
  - Missing access control: 17% (120)
  - Authentication bypass: 9% (67)
- Across all severity levels, authorization issues represent 26% of findings, making it the largest single classification.
In these applications, customer data tends to sit behind one system, and agents have to ingest it, contextualize it, and make decisions using it. That makes authorization a primary concern for everything agentic, from chatbots on up.
Cross-tenant exposure, where Customer A, through ordinary use, can reach Customer B's data, made up 26% of higher-severity findings. These issues represent 54% of Critical findings in AI-native workflows, which makes them sharply overrepresented among the most severe issues.
In one platform, an ordinary client-portal user could enumerate other user IDs and scrape their full pricing and fee structure. The same authorization check that would have prevented this existed on neighboring endpoints in that codebase; this one path simply omitted it until Octane flagged it.
Missing access controls, where a privileged action runs without checking whether the caller is actually allowed to perform it, made up 17%.
And authentication bypasses, where the system accepts the wrong credential, or none at all, made up 9%.
As more and more agentic AIs are embedded into more and more workflows, the need to clearly define permissions and access controls becomes critical.
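The client-portal case above is an object-level authorization gap: the endpoint authenticates the caller but never asks whether the requested record belongs to the caller's tenant. The following is an added example (not Octane's code and not the platform's code) that models that pattern in plain Python: the unchecked lookup beside a version that enforces tenant ownership, plus a privileged write that also requires an admin role. The `User`, `Pricing`, tenant IDs and fee rates are all constructed for illustration.

```python
"""Object-level authorization for a client-portal pricing endpoint.

Added example, not code from the page. It models the cross-tenant finding
described above: a pricing lookup keyed by user ID that returns data for any
ID, beside a version that checks tenant ownership and a role check on a
privileged write. All names and the sample data are constructed.
"""
from dataclasses import dataclass


class AuthorizationError(Exception):
    """Raised when the caller is not allowed to act on the target record."""


@dataclass(frozen=True)
class User:
    id: int
    tenant_id: int
    role: str  # "member" or "tenant_admin" (constructed roles)


@dataclass
class Pricing:
    user_id: int
    tenant_id: int
    plan: str
    fee_rate: float


# Constructed sample data: two tenants, one user in each.
USERS = {
    1: User(id=1, tenant_id=100, role="member"),
    2: User(id=2, tenant_id=200, role="tenant_admin"),
}
PRICING = {
    1: Pricing(user_id=1, tenant_id=100, plan="growth", fee_rate=0.025),
    2: Pricing(user_id=2, tenant_id=200, plan="enterprise", fee_rate=0.012),
}


def get_pricing_unsafe(caller: User, user_id: int) -> Pricing:
    """Vulnerable: the caller is authenticated, but nothing ties the
    requested record to the caller's tenant. Any logged-in user can walk
    user_id values and read every tenant's pricing and fee structure."""
    return PRICING[user_id]


def require_same_tenant(caller: User, target: Pricing) -> None:
    """Object-level check: the record must belong to the caller's tenant.
    Deny with the same message used for unknown IDs, so the response does
    not reveal whether an ID exists in another tenant."""
    if target.tenant_id != caller.tenant_id:
        raise AuthorizationError("not found")


def get_pricing(caller: User, user_id: int) -> Pricing:
    """Hardened read: look up, then verify ownership before returning."""
    target = PRICING.get(user_id)
    if target is None:
        raise AuthorizationError("not found")
    require_same_tenant(caller, target)
    return target


def set_fee_rate(caller: User, user_id: int, fee_rate: float) -> Pricing:
    """Privileged write: same-tenant ownership AND an admin role.
    Reusing get_pricing() keeps the ownership check in one place, which is
    the kind of consistency the 'neighboring endpoints had it' finding lacked."""
    target = get_pricing(caller, user_id)
    if caller.role != "tenant_admin":
        raise AuthorizationError("admin role required")
    target.fee_rate = fee_rate
    return target
```

The design point is that the check lives in one helper that every read and write path calls; an endpoint that builds its own query and skips the helper is exactly the "one path omitted it" case the finding describes, and is what continuous review on each PR is meant to catch.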
Onchain, reentrancy is no longer a leading finding class
Reentrancy is the original sin of smart contracts. It was the pattern responsible for nearly a billion dollars of losses on Ethereum from 2016-2022.
Reentrancy typically involves a contract releasing funds before it updates its own internal ledger, and the receiving contract then immediately calling back in – “re-entering” the same function – to take advantage of the stale balance and withdraw funds over and over.
It's how The DAO was drained of roughly $60 million in 2016, an event severe enough to fork Ethereum itself. And for most of the last decade it was the canonical onchain vulnerability, the first thing any auditor (or attacker) went looking for.
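To make the mechanism in the preceding paragraphs concrete, here is an added example (not code from the page, and not any real contract) that simulates it off-chain in Python. A vault's `withdraw()` pays the receiver, whose callback stands in for a contract's `receive()` function, before it updates its own ledger; a receiver that calls back in drains the stale balance repeatedly. Beside it sit the two standard defenses the text credits: checks-effects-interactions ordering, and a mutex modeled on the `nonReentrant` guard pattern found in contract libraries. The vault, balances and receiver classes are all constructed for illustration.

```python
"""Reentrancy and its two standard fixes, simulated off-chain.

Added example, not code from the page or from any real contract. It models
the EVM call pattern in plain Python: withdraw() hands funds to the receiver
(invoking its callback, as a contract's receive() would run) before updating
the ledger. Names, balances and the receiver are constructed.
"""


class ReentrancyError(RuntimeError):
    """Raised by the guarded vault when withdraw() is entered twice."""


class Receiver:
    """Honest receiver: just records what it was paid."""

    def __init__(self):
        self.received = 0

    def on_payment(self, vault, amount):
        self.received += amount


class ReenteringReceiver(Receiver):
    """Receiver whose payment callback calls withdraw() again while the
    vault's ledger is still stale (the pattern the text describes)."""

    def on_payment(self, vault, amount):
        super().on_payment(vault, amount)
        if vault.reserve >= amount:
            try:
                vault.withdraw(self, amount)
            except (ValueError, ReentrancyError):
                pass  # a blocked re-entry: the outer payment still completes


class VulnerableVault:
    def __init__(self, reserve=0):
        self.reserve = reserve   # total funds the vault actually holds
        self.balances = {}       # internal ledger per depositor

    def deposit(self, who, amount):
        self.balances[who] = self.balances.get(who, 0) + amount
        self.reserve += amount

    def withdraw(self, who, amount):
        if self.balances.get(who, 0) < amount:
            raise ValueError("insufficient balance")
        # Interaction before effect: funds leave and the receiver runs
        # while balances[who] still shows the pre-withdrawal amount.
        self.reserve -= amount
        who.on_payment(self, amount)
        self.balances[who] -= amount   # effect applied too late


class SafeVault(VulnerableVault):
    """Checks-effects-interactions: update the ledger before paying out,
    so a re-entering call fails its balance check."""

    def withdraw(self, who, amount):
        if self.balances.get(who, 0) < amount:
            raise ValueError("insufficient balance")
        self.balances[who] -= amount   # effect first
        self.reserve -= amount
        who.on_payment(self, amount)   # interaction last


class GuardedVault(VulnerableVault):
    """Same unsafe ordering as VulnerableVault, but a mutex refuses nested
    entry, modeled on the nonReentrant modifier pattern."""

    def __init__(self, reserve=0):
        super().__init__(reserve)
        self._locked = False

    def withdraw(self, who, amount):
        if self._locked:
            raise ReentrancyError("reentrant call")
        self._locked = True
        try:
            super().withdraw(who, amount)
        finally:
            self._locked = False


def run_scenario(vault_cls):
    """Constructed scenario: honest depositors hold 100 in the vault, a
    re-entering receiver deposits 10 and withdraws 10. Returns
    (vault reserve, amount the receiver got, receiver's ledger balance)."""
    vault = vault_cls()
    honest = Receiver()
    vault.deposit(honest, 100)
    reentrant = ReenteringReceiver()
    vault.deposit(reentrant, 10)
    vault.withdraw(reentrant, 10)
    return vault.reserve, reentrant.received, vault.balances[reentrant]


if __name__ == "__main__":
    for cls in (VulnerableVault, SafeVault, GuardedVault):
        print(cls.__name__, run_scenario(cls))
```

Against `VulnerableVault` the receiver walks away with all 110 and the ledger goes negative; against either fix it receives exactly its own 10. The two defenses are independent, which is why mature codebases usually apply both: ordering protects the function's own state, and the guard protects against re-entry through a different function that shares it.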

But of the 1,352 High and Critical findings Octane delivered for onchain protocols, reentrancy accounted for just 6 of them: 0.4%.
Across all severities, reentrancy and the closely related checks-effects-interactions violations make up just 2% of onchain findings.
Reentrancy guards are included in every major contract library, static analyzers flag the basic pattern instantly, and it's the first bug a Solidity developer is taught to identify and avoid.
A decade of tooling, patterns, and muscle memory built around this single vulnerability has, according to this data, paid off.
The remaining bugs are bespoke
Context-specific logic issues were found in 59 of 65 codebases. On their own, they accounted for 2,991 unique findings, or 17% of the dataset.
These bugs are the product of a platform or protocol’s particular design, the complex combination of choices made that differentiates one system from another.
Their highly context-dependent nature means no single rule captures them cleanly. They depend on the interaction between permissions, accounting rules, integrations, upgrade paths, and state transitions. That’s where continuous, context-aware analysis is most effective.
Agentic development needs agentic security
The bugs have moved on, but most security tooling is still looking where they used to be.
Static analysis remains useful for known patterns, but it cannot infer project-specific design choices or business logic. Human review is essential for high-impact decisions, but it cannot run exhaustively on every pull request. Continuous, context-aware agentic security covers the space between them.
Book a 30-minute walkthrough to identify your software’s weak spots before an attacker does.
Methodology: Findings were deduplicated within codebases and categorized from Octane review data. Results describe this corpus, not the full software-security market.