When AI Writes Code: Investigating Security Issues in Agentic Software Changes
This program is tentative and subject to change.
AI code agents are increasingly used to generate software changes, raising questions about whether their outputs can be trusted. We investigate this by quantifying security issues in agent-generated code using a repository-level Static Application Security Testing (SAST) pipeline. We analyze 7,200 Agent Pull Requests (APRs) and 6,620 Human Pull Requests (HPRs) from 818 repositories with at least 500 GitHub stars, using four SAST engines to assess the introduction and severity of Common Weakness Enumeration (CWE) indicators. Our results show that agents introduce security risks (RQ1), including critical weaknesses such as hard-coded credentials and command injection. However, security performance varies across agents and task types, with statistically significant differences emerging for specific tasks (RQ2). Comparing agents to humans (RQ3), we find that agents introduce fewer or less severe issues on small, focused bug fixes, while differences on larger pull requests are task-dependent and driven by a small number of high-impact changes rather than systematic performance gaps. Overall, agent-generated code is neither uniformly secure nor insecure; its safety depends on task context, emphasizing the need for task-aware deployment and human oversight.
Mon 13 Apr (displayed time zone: Brasilia, Distrito Federal, Brazil)
14:00 - 15:30

Time | Slot | Title | Track | Authors | Links
--- | --- | --- | --- | --- | ---
14:00 | 90m Poster | Session 2 - Posters | MSR Program | |
14:00 | 90m Talk | When AI Agents Touch CI/CD Configurations: Frequency and Success | Mining Challenge | Taher A. Ghaleb (Trent University) | Pre-print
14:00 | 90m Talk | Fingerprinting AI Coding Agents on GitHub | Mining Challenge | Taher A. Ghaleb (Trent University) | Pre-print
14:00 | 90m Talk | When AI Code Doesn't Stick: An Empirical Study on Reverted Changes Introduced by AI Coding Agents | Mining Challenge | Issam Oukay (Department of Software and IT Engineering, ETS Montreal, University of Quebec, Montreal, Canada); Mahi Begoug (ETS Montreal); Moataz Chouchen (Concordia University); Ali Ouni (Ecole de Technologie Superieure (ETS)) |
14:00 | 90m Talk | Characterizing Self-Admitted Technical Debt Generated by AI Coding Agents | Mining Challenge | Zaki Brahmi (ETS Montreal, University of Quebec); Ali Ouni (Ecole de Technologie Superieure (ETS)); Mohammed Sayagh (ETS Montreal, University of Quebec); Mohamed Aymen Saied (Laval University) |
14:00 | 90m Talk | How Do Agents Perform Code Optimization? An Empirical Study | Mining Challenge | Huiyun Peng (Purdue University); Antonio Zhong Qiu (Purdue University); Ricardo Andres Calvo Mendez (Purdue University); Kelechi G. Kalu (Purdue University); James C. Davis (Purdue University) |
14:00 | 90m Talk | Comparing AI Coding Agents: A Task-Stratified Analysis of Pull Request Acceptance | Mining Challenge | Giovanni Pinna (University of Trieste); Jingzhi Gong (University of Leeds); David Williams (University College London); Federica Sarro (University College London) |
14:00 | 90m Talk | More Code, Less Reuse: Investigation on Code Quality and Reviewer Sentiment towards AI-generated Pull Requests | Mining Challenge | Haoming Huang (Institute of Science Tokyo); Pongchai Jaisri (Nara Institute of Science and Technology); Shota Shimizu (Ritsumeikan University); Lingfeng Chen (Kyushu University); Sota Nakashima (Kyushu University); Gema Rodríguez-Pérez (Department of Computer Science, Mathematics, Physics and Statistics, University of British Columbia, Okanagan Campus) | DOI, Pre-print
14:00 | 90m Short-paper | On the Adoption of AI Coding Agents in Open-source Android and iOS Development | Mining Challenge | Muhammad Ahmad Khan (Lahore University of Management Sciences); Hasnain Ali (Lahore University of Management Sciences); Muneeb Rana (Xtra App Studios); Muhammad Saqib Ilyas (Lahore University of Management Sciences); Abdul Ali Bangash (Lahore University of Management Sciences) | Pre-print
14:00 | 90m Talk | Who Writes the Docs in SE 3.0? Agent vs. Human Documentation Pull Requests | Mining Challenge | Kazuma Yamasaki (Nara Institute of Science and Technology); Joseph Ayobami Joshua (Nara Institute of Science and Technology); Tasha Settewong (Nara Institute of Science and Technology); Mahmoud Alfadel (University of Calgary); Kazumasa Shimari (Nara Institute of Science and Technology); Kenichi Matsumoto (Nara Institute of Science and Technology) | DOI, Pre-print
14:00 | 90m Talk | Testing with AI Agents: An Empirical Study of Test Generation Frequency, Quality, and Coverage | Mining Challenge | Suzuka Yoshimoto (Nara Institute of Science and Technology); Shun Fujita (Nara Institute of Science and Technology); Kosei Horikawa; Daniel Feitosa (University of Groningen); Yutaro Kashiwa (Nara Institute of Science and Technology); Hajimu Iida (Nara Institute of Science and Technology) |
14:00 | 90m Talk | Safer Builders, Risky Maintainers: A Comparative Study of Breaking Changes in Human vs Agentic PRs | Mining Challenge | K M Ferdous (Kennesaw State University); Dipayan Banik (Quanta Technology); Kowshik Chowdhury (Kennesaw State University); Shazibul Islam Shamim (Kennesaw State University) |
14:00 | 90m Talk | On the Reliability of Agentic AI in Continuous Integration Pipelines | Mining Challenge | Jasem Khelifi (École de technologie supérieure); Mahi Begoug (ETS Montreal); Ali Ouni (Ecole de Technologie Superieure (ETS)); Mohammed Sayagh (ETS Montreal, University of Quebec); Mohamed Aymen Saied (Laval University); Moataz Chouchen (Concordia University) |
14:00 | 90m Talk | Early-Stage Prediction of Review Effort in AI-Generated Pull Requests | Mining Challenge | Dao Sy Duy Minh (University of Science - VNUHCM); Huynh Trung Kiet (University of Science - VNUHCM); Nguyen Lam Phu Quy (University of Science - VNUHCM); Pham Phu Hoa (University of Science - VNUHCM); Tran Chi Nguyen (University of Science - VNUHCM); Nguyen Dinh Ha Duong (University of Science - VNUHCM); Truong Bao Tran (University of Economics and Law - VNUHCM) |
14:00 | 90m Talk | Test Coverage of Code Changes in AI-Generated Pull Requests | Mining Challenge | Tales Alves (Informatics Center, Federal University of Pernambuco); Leopoldo Teixeira (Federal University of Pernambuco) |
14:00 | 90m Talk | When AI Teammates Meet Code Review: Collaboration Signals Shaping the Integration of Agent-Authored Pull Requests | Mining Challenge | | Pre-print
14:00 | 90m Talk | Toward Instructions-as-Code: Understanding the Impact of Instruction Files on Agentic Pull Requests | Mining Challenge | |
14:00 | 90m Talk | An Empirical Study of Code Clone Genealogies in Human–AI Collaborative Development | Mining Challenge | Denis Sousa (State University of Ceara, Brazil); Italo Uchoa (State University of Ceará); Matheus Paixao (State University of Ceará); Chaiyong Rakhitwetsagul (Mahidol University, Thailand); Thiago Lima (State University of Ceara, Brazil) |
14:00 | 90m Talk | On the Footprints of Reviewer Bots' Feedback on Agentic Pull Requests in OSS GitHub Repositories | Mining Challenge | Syeda Kaneez Fatima (Lahore University of Management Sciences); Yousuf Abrar (Lahore University of Management Sciences); Abdul Rehman (Lahore University of Management Sciences); Amelia Nawaz (Lahore University of Management Sciences); Shamsa Abid (National University of Computer and Emerging Sciences); Abdul Ali Bangash (Lahore University of Management Sciences) |
14:00 | 90m Talk | When Bots Get the Boot: Understanding Pull Request Rejections in the Era of AI Coders | Mining Challenge | |
14:00 | 90m Talk | Understanding the Rejection of Fixes Generated by Agentic Pull Requests - Insights from the AIDev Dataset | Mining Challenge | Mahmoud Abujadallah (ETS - Québec University); Ali Arabat (ETS - Québec University); Mohammed Sayagh (ETS Montreal, University of Quebec) |
14:00 | 90m Talk | What to Cut? Predicting Unnecessary Methods in Agentic Code Generation | Mining Challenge | Kan Watanabe (Nara Institute of Science and Technology); Tatsuya Shirai (Nara Institute of Science and Technology); Yutaro Kashiwa (Nara Institute of Science and Technology); Hajimu Iida (Nara Institute of Science and Technology) |
14:00 | 90m Talk | How AI Coding Agents Modify Code: A Large-Scale Study of GitHub Pull Requests | Mining Challenge | Daniel Ogenrwot (University of Nevada Las Vegas); John Businge (University of Antwerp, Flanders Make, University of Nevada at Las Vegas) | DOI, Pre-print
14:00 | 90m Talk | Reliability of AI Bots Footprints in GitHub Actions CI/CD Workflows | Mining Challenge | Syed Muhammad Ashhar Shah (Lahore University of Management Sciences, Lahore); Sehrish Habib (Lahore University of Management Sciences, Lahore); Muizz Ahmed Hussain (Lahore University of Management Sciences, Lahore); Maryam Abdul Ghafoor (Lahore University of Management Sciences, Lahore); Abdul Ali Bangash (Lahore University of Management Sciences) |
14:00 | 90m Talk | The Dose Makes the Agent: Therapeutic Index Analysis of AI Coding Contributions | Mining Challenge | Giuseppe Destefanis (University College London); Ronnie de Souza Santos (University of Calgary); Marco Ortu (University of Cagliari); Mairieli Wessel (Radboud University) |
14:00 | 90m Talk | Beyond Bug Fixes: An Empirical Investigation of Post-Merge Code Quality Issues in Agent-Generated Pull Requests | Mining Challenge | Shamse Tasnim Cynthia (University of Saskatchewan); Al Muttakin (University of Saskatchewan); Banani Roy (University of Saskatchewan) |
14:00 | 90m Talk | Why Are Agentic Pull Requests Merged or Rejected? An Empirical Study | Mining Challenge | Sien Reeve O. Peralta (Waseda University); Fumika Hoshi (Waseda University); Hironori Washizaki (Waseda University); Naoyasu Ubayashi (Waseda University); Inase Kondo (Osaka University); Yoshiki Higo (Osaka University); Hiroki Mukai (Ritsumeikan University); Norihiro Yoshida (Ritsumeikan University); Kazuki Kusama; Hidetake Tanaka (Nara Institute of Science and Technology); Youmei Fan (Nara Institute of Science and Technology) |
14:00 | 90m Talk | Let's Make Every Pull Request Meaningful: An Empirical Analysis of Developer and Agentic Pull Requests | Mining Challenge | Haruhiko Yoshioka (Nara Institute of Science and Technology); Takahiro Monno (Nara Institute of Science and Technology); Haruka Tokumasu (Kyushu University); Taiki Wakamatsu (Kyushu University); Yuki Ota (Ritsumeikan University); Nimmi Weeraddana (University of Calgary); Kenichi Matsumoto (Nara Institute of Science and Technology) | DOI, Pre-print
14:00 | 90m Talk | Humans Integrate, Agents Fix: How Agent-Authored Pull Requests Are Referenced in Practice | Mining Challenge | Islem Khemissi (Concordia University); Moataz Chouchen (Concordia University); Dong Wang (Tianjin University); Raula Gaikovina Kula (The University of Osaka) |
14:00 | 90m Short-paper | How Do Agentic AI Systems Deal With Software Energy Concerns? A Pull Request-Based Study | Mining Challenge | Tanjum Motin Mitul (University of Manitoba); Md. Masud Mazumder (University of Manitoba); Md Nahidul Islam Opu (University of Manitoba); Shaiful Chowdhury (University of Manitoba) | Pre-print
14:00 | 90m Talk | When AI Writes Code: Investigating Security Issues in Agentic Software Changes | Mining Challenge | Esteban Dectot-Le Monnier de Gouville (Polytechnique Montréal); Mohammad Hamdaqa (Polytechnique Montreal); Moataz Chouchen (Concordia University) |
14:00 | 90m Talk | Novice Developers Produce Larger Review Overhead for Project Maintainers while Vibe Coding | Mining Challenge | Syed Ammar Asdaque (Lahore University of Management Sciences); Imran Haider (Lahore University of Management Sciences); Muhammad Umar Malik (Lahore University of Management Sciences); Maryam Abdul Ghafoor (Lahore University of Management Sciences, Lahore); Abdul Ali Bangash (Lahore University of Management Sciences) |
14:00 | 90m Talk | Code Change Characteristics and Description Alignment: A Comparative Study of Agentic versus Human Pull Requests | Mining Challenge | | Pre-print
14:00 | 90m Talk | A Task-Level Evaluation of AI Agents in Open-Source Projects | Mining Challenge | Shojibur Rahman (Idaho State University); Md Fazle Rabbi (Idaho State University); Minhaz Zibran (Idaho State University) | Pre-print
14:00 | 90m Talk | Behind Agentic Pull Requests: An Empirical Study on Developer Interventions in AI Agent-Authored Pull Requests | Mining Challenge | Syrine Khelifi (École de technologie supérieure (ÉTS) Montréal); Ali Ouni (Ecole de Technologie Superieure (ETS)); Maha Khemaja (ISSAT Sousse, PRINCE Lab, University of Sousse) |
14:00 | 90m Talk | Readability of AI-Generated Pull Request Descriptions Across Pull Request Types | Mining Challenge | Aidan Tobar (Bowling Green State University); Joseph Peterson (Bowling Green State University); Abbas Heydarnoori (Bowling Green State University) |
14:00 | 90m Short-paper | The Quiet Contributions: Insights into AI-Generated Silent Pull Requests | Mining Challenge | S. M. Mahedy Hasan (Idaho State University); Md Fazle Rabbi (Idaho State University); Minhaz Zibran (Idaho State University) | Pre-print
14:00 | 90m Talk | AI IDEs or Autonomous Agents? Measuring the Impact of Coding Agents on Software Development | Mining Challenge | Shyam Agarwal (Carnegie Mellon University); Hao He (Carnegie Mellon University); Bogdan Vasilescu (Carnegie Mellon University) | Pre-print
14:00 | 90m Talk | AI builds, We Analyze: An Empirical Study of AI-Generated Build Code Quality | Mining Challenge | |
14:00 | 90m Talk | Understanding Dominant Themes in Reviewing Agentic AI-authored Code | Mining Challenge | Md. Asif Haider (University of California, Irvine); Thomas Zimmermann (University of California, Irvine) | Pre-print
14:00 | 90m Talk | Why and When Agentic Pull Requests are (not) Accepted: An Exploratory Study | Mining Challenge | Marius Christoph Strauss (Anhalt University of Applied Sciences); Sandro Schulze (Anhalt University of Applied Sciences) | DOI, Pre-print
14:00 | 90m Talk | Analyzing Message-Code Inconsistency in AI Coding Agent-Authored Pull Requests | Mining Challenge | Jingzhi Gong (University of Leeds); Giovanni Pinna (University of Trieste); Yixin Bian (Harbin Normal University); Jie M. Zhang (King's College London) |
14:00 | 90m Talk | How Do Agentic AI Systems Address Performance Optimizations? A BERTopic-Based Analysis of Pull Requests | Mining Challenge | Md Nahidul Islam Opu (University of Manitoba); Md Shahidul Islam (University of Manitoba); Muhammad Asaduzzaman (University of Windsor); Shaiful Chowdhury (University of Manitoba) | Pre-print
14:00 | 90m Talk | Mining Type Constructs Using Patterns in AI-Generated Code | Mining Challenge | Imgyeong Lee (University of Alberta); Tayyib Ul Hassan (University of Alberta); Abram Hindle (University of Alberta) |
14:00 | 90m Talk | Bug-Fixing in the Age of AI: Human vs. Agentic Pull Requests | Mining Challenge | Renato Domingues (UFPE); Fernando Castor (University of Twente); Fernanda Madeiral (Universidade Federal de Pernambuco) |
14:00 | 90m Talk | Why Are AI Agent–Involved Pull Requests (Fix-Related) Remain Unmerged? An Empirical Study | Mining Challenge | Khairul Alam (University of Saskatchewan); Saikat Mondal (University of Saskatchewan); Banani Roy (University of Saskatchewan) |
14:00 | 90m Talk | LGTM! Characteristics of Auto-Merged LLM-based Agentic PRs | Mining Challenge | Ruben Branco (LASIGE, Informática, Faculdade de Ciências, Universidade de Lisboa); Paulo Canelas (Carnegie Mellon University); Catarina Gamboa (Carnegie Mellon University and University of Lisbon); Alcides Fonseca (LASIGE, University of Lisbon) | DOI, Pre-print, Media Attached
14:00 | 90m Talk | Do AI-Generated Pull Requests Get Rejected More? (Yes but Why?) | Mining Challenge | Rosie Wang (University of Alberta); Zhou Yang (University of Alberta, Alberta Machine Intelligence Institute) |
14:00 | 90m Talk | How AI Coding Agents Communicate: A Study of Pull Request Characteristics and Human Review Responses | Mining Challenge | Kan Watanabe (Nara Institute of Science and Technology); Rikuto Tsuchida (Nara Institute of Science and Technology); Takahiro Monno (Nara Institute of Science and Technology); Bin Huang (Nara Institute of Science and Technology); Kazuma Yamasaki (Nara Institute of Science and Technology); Youmei Fan (Nara Institute of Science and Technology); Kazumasa Shimari (Nara Institute of Science and Technology); Kenichi Matsumoto (Nara Institute of Science and Technology) |
14:00 | 90m Talk | Where Do AI Coding Agents Fail? An Empirical Study of Failed Agentic Pull Requests in GitHub | Mining Challenge | Ramtin Ehsani (Drexel University); Sakshi Pathak (Drexel University); Shriya Rawal (Drexel University); Abdullah Al Mujahid (Missouri University of Science and Technology); Mia Mohammad Imran (Missouri University of Science and Technology); Preetha Chatterjee (Drexel University, USA) | Pre-print
14:00 | 90m Talk | An Empirical Study of Tests in Agentic Pull Requests | Mining Challenge | Sabrina Haque (The University of Texas at Arlington); Sarvesh Ingale (The University of Texas at Arlington); Christoph Csallner (University of Texas at Arlington) | DOI, Pre-print, Media Attached
14:00 | 90m Talk | Who Said CVE? How Vulnerability Identifiers Are Mentioned by Humans, Bots, and Agents in Pull Requests | Mining Challenge | Pien Rooijendijk (Radboud University); Christoph Treude (Singapore Management University); Mairieli Wessel (Radboud University) |
14:00 | 90m Talk | Behavioral Analysis of AI Code Generation Agents: Edit, Rewrite, and Repetition | Mining Challenge | Mahdieh Abazar (University of Calgary); Reyhaneh Farahmand (University of Calgary); Gouri Ginde (Schulich School of Engineering, University of Calgary, Calgary, Alberta, Canada); Benjamin Tan (University of Calgary); Lorenzo De Carli (University of Calgary, Canada) |
14:00 | 90m Talk | A Study on Code Clone Lifecycles in Pull Requests Created by AI Agents | Mining Challenge | Italo Uchoa (State University of Ceará); Denis Sousa (State University of Ceara, Brazil); Henrique Chuvas (State University of Ceará); Matheus Paixao (State University of Ceará); Chaiyong Rakhitwetsagul (Mahidol University, Thailand); Thiago Lima (State University of Ceara, Brazil) |
14:00 | 90m Talk | On Autopilot? An Empirical Study of Human–AI Teaming and Review Practices in Open Source | Mining Challenge | Haoyu Gao (The University of Melbourne); Peerachai Banyongrakkul (The University of Melbourne); Hao Guan (The University of Melbourne); Mansooreh Zahedi (The University of Melbourne); Christoph Treude (Singapore Management University) |
14:00 | 90m Talk | From Industry Claims to Empirical Reality: An Empirical Study of Code Review Agents in Pull Requests | Mining Challenge | Kowshik Chowdhury (Kennesaw State University); Dipayan Banik (Quanta Technology); K M Ferdous (Kennesaw State University); Shazibul Islam Shamim (Kennesaw State University) |
14:00 | 90m Talk | A Study of Library Usage in Agent-Authored Pull Requests | Mining Challenge | | DOI, Pre-print
14:00 | 90m Talk | Studying the Footprints of AI Coding Agents in Blockchain Repositories | Mining Challenge | Munim Iftikhar (Lahore University of Management Sciences, Lahore); Maaz Shahid (Lahore University of Management Sciences, Lahore); Shahreyar Ashraf (Lahore University of Management Sciences, Lahore); Muhammad Saqib Ilyas (Lahore University of Management Sciences); Abdul Ali Bangash (Lahore University of Management Sciences) |
14:00 | 90m Talk | Human-Agent versus Human Pull Requests: A Testing-Focused Characterization and Comparison | Mining Challenge | Roberto Milanese (Politecnico di Torino, University of Molise); Francesco Salzano (University of Molise); Angelica Spina (University of Molise); Antonio Vitale (Politecnico di Torino, University of Molise); Remo Pareschi (University of Molise); Fausto Fasano (University of Molise); Mattia Fazzini (University of Minnesota) | DOI, Pre-print
14:00 | 90m Talk | Do AI Agents Really Improve Code Readability? | Mining Challenge | Kyogo Horikawa (National Institute of Technology, Nara College); Kosei Horikawa; Yutaro Kashiwa (Nara Institute of Science and Technology); Hidetake Uwano (National Institute of Technology, Nara College, Japan); Hajimu Iida (Nara Institute of Science and Technology) |
14:00 | 90m Talk | When is Generated Code Difficult to Comprehend? Assessing AI Agent Python Code Proficiency in the Wild | Mining Challenge | Nanthit Temkulkiat (Mahidol University); Chaiyong Rakhitwetsagul (Mahidol University, Thailand); Morakot Choetkiertikul (Mahidol University, Thailand); Ruksit Rojpaisarnkit (Nara Institute of Science and Technology); Raula Gaikovina Kula (The University of Osaka) |
14:00 | 90m Talk | How do Agents Refactor: An Empirical Study | Mining Challenge | Lukas Ottenhof (University of Alberta); Daniel Penner (University of Alberta); Abram Hindle (University of Alberta); Thibaud Lutellier (University of Alberta) | Pre-print
14:00 | 90m Talk | An Empirical Analysis of Test Failures in AI-Generated Pull Requests | Mining Challenge | Alireza Hoseinpour (Bowling Green State University); Sajjad Rezvani Boroujeni (Bowling Green State University); Jashhvanth Tamilselvan Kunthavai (Bowling Green State University); Kyle Cusimano (Bowling Green State University); Abbas Heydarnoori (Bowling Green State University) |