research report

The Coding Personalities of Leading LLMs

Make smarter AI adoption decisions with Sonar's latest report in The State of Code series. Explore the habits, blind spots, and archetypes of the top five LLMs to uncover the critical risks each brings to your codebase.

Key findings

Our deep analysis of LLM-generated code goes beyond standard benchmarks.

Coding personalities

Each LLM has a distinct style that impacts your production environment.

Shared strengths

All models consistently produce valid code and create viable solutions for well-defined problems.

Shared blind spots

All models have a fundamental lack of security awareness and a bias for messy code.

Upgrades increase risk

Newer models can generate bugs that are almost twice as likely to be of the highest severity.

Meet the coding archetypes

Our analysis shows that each LLM has a unique and measurable coding personality. Which one have you "hired" for your team?

  • The senior architect
  • The rapid prototyper
  • The unfulfilled promise
  • The efficient generalist
  • The balanced predecessor

The senior architect

An ambitious model that codes like a seasoned architect, but whose sophistication can introduce complex, high-severity bugs like resource leaks and concurrency issues. 

Beyond the benchmark: What our analysis uncovered

93%

more likely for bugs from the new Claude model to be of 'BLOCKER' severity than bugs from its predecessor.

90%

of all issues found in LLM-generated code create long-term technical debt.

70%

of the vulnerabilities for one LLM are of ‘BLOCKER’ severity.

50%

of all bugs from one popular LLM are control-flow mistakes.

The "trust but verify" mandate for AI

AI is now a core part of software development, but performance benchmarks alone are misleading. They can lead to LLMs that solve difficult challenges but fail to write good, secure, and reliable code. To harness these powerful models responsibly, you must look beyond the benchmark. Our report provides the critical insights needed to choose the right models and use them safely.

The three qualities of software source code

Sonar classifies the issues found in every project or codebase across three deeply interconnected software qualities: reliability, security, and maintainability.

Reliability

Bugs that would affect the software's capability to maintain its level of performance under promised conditions, potentially compromising its reliability and operational effectiveness.

Security

Vulnerabilities and security hotspots. Vulnerabilities are code weaknesses that could be exploited for attacks, while hotspots are security-sensitive code requiring manual review.

Maintainability

Code smells, which could indicate weaknesses in design that can increase technical debt, slow down development, or increase the risk of bugs or failures down the line.

© 2008-2024 SonarSource SA. All rights reserved. SONAR, SONARSOURCE, SONARLINT, SONARQUBE, and CLEAN AS YOU CODE are trademarks of SonarSource SA.