IT Brief UK - Technology news for CIOs & IT decision-makers
United Kingdom
Gemini tops Floxy's AI coding assistant leakage risk
Data Protection DevSecOps AI Security

Gemini tops Floxy's AI coding assistant leakage risk

Tue, 26th May 2026 (Today)
Joseph Gabriel Lagonsin
JOSEPH GABRIEL LAGONSIN News Editor

Floxy has ranked Google Gemini as the AI coding assistant with the highest leakage risk for developers in a study of 15 tools used by software engineers.

The report assessed how long each platform stores user code, whether that code may be used to train future models, and how often the services hallucinate or suffer downtime. Floxy then assigned each assistant a leakage risk score from 1 to 99, with higher scores indicating greater risk of code exposure or misuse.

Gemini received the highest score, 99. It stores developer code for 540 days, far longer than any other assistant in the group. Users can opt out of training, but the default setting allows code to be used in future models.

Gemini's usage was also significant in the survey. Floxy put its AI agent tool usage rate at 47.4%, suggesting the policy affects a large share of developers who rely on coding assistants.

Bolt.new ranked second with a score of 85. Its code retention period was listed at 30 days, but the bigger concern was an unclear policy on whether user code is used for model training.

That ambiguity set Bolt.new apart from some rivals with similar retention periods. It also recorded a 4% downtime rate, the highest among the leading assistants in the ranking.

Lovable.dev came third with a score of 70. The report said it keeps developer code for 90 days before deletion, three times the retention period listed for ChatGPT, while also allowing users to opt out of training.

Claude Code took fourth place with a score of 57. The Anthropic tool retains code for 30 days and offers an opt-out by default, but it also recorded a 10.3% hallucination rate and 1.8% downtime.

Replit rounded out the top five with a score of 56. While it stores user data for seven days, it defaults to training on user code unless developers choose to opt out.

Other major tools ranked lower. Microsoft Copilot scored 54, ChatGPT 47, Amazon Q Developer 42, GitHub Copilot 39, and v0.dev 37.

ChatGPT was the most widely used tool in the dataset, with a usage rate of 81.7%, followed by GitHub Copilot at 67.9% and Gemini at 47.4%. Perplexity was identified as offering stronger code protection than more widely used alternatives, though its market share remained low at 16%.

Risk factors

The ranking combined several measures, including data retention periods, training policies, hallucination rates, downtime frequency, and what Floxy described as agentic risk, a measure tied to whether a tool can access files, terminals, or external systems while carrying out coding tasks.

Several of the higher-ranked products were described as full coding agents rather than basic assistants. Broader system access increases the potential impact of faulty outputs or mishandled data because the tools can interact with codebases, commands, and connected environments.

According to the published figures, Claude Code, Bolt.new, Lovable.dev, and Replit all recorded hallucination rates of 10.3%. Gemini's rate was lower at 7%, while Microsoft Copilot and GitHub Copilot were both listed at 5.6%, and Amazon Q Developer at 5.1%.

Downtime varied sharply between platforms. Bolt.new had the highest rate at 4%, ahead of Lovable.dev at 3%, Replit at 2%, and Claude Code at 1.8%. Microsoft Copilot and Amazon Q Developer were both recorded at 0.1%.

Data handling

The findings reflect broader concern among software teams over how AI tool providers handle proprietary code, internal prompts, and technical workflows. More than 80% of software engineers now rely on AI coding tools, according to the study, raising the stakes for data retention and training practices.

For businesses, the issue is not only whether code is stored, but whether stored material may later influence model outputs. Where policies are unclear or default to training, developers may have less control over how internal code is reused.

Aimen Hallou, chief technology officer at Floxy, commented on the findings: "We're seeing a new category of security incident where companies discover their code showed up in a competitor's product, and the only explanation is a shared AI training dataset. When your code trains a model, you lose control over where it goes. The model learns patterns from your implementation, and those patterns can surface in suggestions given to other developers, including your competitors."

Related stories
KnowBe4 partners Secure Code Warrior on AI training
Progress strategist warns on AI agent database deletion
API attacks surge as AI exposure raises cyber risk
LangWatch launches open-source tool for AI red-teaming
Bedrock Data names three leaders after USD $25m round
Top stories
Gainsight launches Developer Studio & Skilljar tie-up
AI adoption outpaces cloud security, Check Point warns
DeepJudge & Harvey partner to add firm knowledge to AI
Bugcrowd launches RL environments for AI security training
Scrum.org adds self-paced course for agile leaders