HeadlinesBriefing.com

PyCharm AI Code Completion Suggests Insecure SSL Configuration

Hacker News

A developer discovered that PyCharm's Full Line Completion plugin suggested code that disables SSL certificate verification and silences the warning that would otherwise reveal it. After typing 'import urllib3' and then 'u', the AI proposed 'urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)', which suppresses the InsecureRequestWarning urllib3 emits for every HTTPS request made without certificate verification.

The plugin also recommended 'urllib3.PoolManager(cert_reqs='CERT_NONE')', which disables certificate verification for every connection made through that pool. Accepting both suggestions would expose the application to man-in-the-middle attacks with nothing at runtime to alert developers. The author reported this to JetBrains as a potential vulnerability, CVE-2024-XXXX, in version 253.29346.142.
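Because both suggestions are easy to accept and easy to miss in review, a practical countermeasure is to flag them mechanically before they are committed. The following is an added example, not code from the article or from JetBrains: a small stdlib-only AST scanner that reports calls to 'disable_warnings' and any 'cert_reqs' keyword set to the no-verification value. It goes slightly beyond the two literal completions by also recognising the equivalent 'ssl.CERT_NONE' constant, the short form 'NONE', and the integer 0, all of which urllib3 accepts for 'cert_reqs'. The sample source snippets, the rule names and the 'Finding' type are constructed for this example.

```python
"""Flag the two urllib3 patterns from the article in Python source, offline.

Added example (not from the article or JetBrains): an AST-based scanner
suitable for a pre-commit hook. It looks for
  1. disable_warnings(...)                     -> suppresses InsecureRequestWarning
  2. cert_reqs='CERT_NONE' / ssl.CERT_NONE / 0 -> disables certificate verification
The sample snippets at the bottom are constructed for this example.
"""
from __future__ import annotations

import ast
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    line: int
    rule: str
    detail: str


def _dotted_name(node: ast.AST) -> str | None:
    """Return 'a.b.c' for a Name/Attribute chain, else None."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


def _is_cert_none(value: ast.AST) -> bool:
    """True if `value` resolves to urllib3's 'no verification' setting.

    urllib3 accepts the strings 'CERT_NONE' and 'NONE', the ssl.CERT_NONE
    constant, and its integer value 0.
    """
    if isinstance(value, ast.Constant):
        if isinstance(value.value, str):
            return value.value.upper() in {"CERT_NONE", "NONE"}
        return type(value.value) is int and value.value == 0
    return (_dotted_name(value) or "").endswith("CERT_NONE")


def scan_source(source: str) -> list[Finding]:
    """Return findings sorted by line; an empty list means nothing was flagged."""
    findings: list[Finding] = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        func = _dotted_name(node.func) or ""
        # Rule 1: any disable_warnings(...) call. With no argument it silences
        # every urllib3 warning; with InsecureRequestWarning it hides exactly
        # the alert that an unverified TLS connection would otherwise raise.
        if func.split(".")[-1] == "disable_warnings":
            args = ", ".join(_dotted_name(a) or ast.dump(a) for a in node.args)
            findings.append(Finding(node.lineno, "disable-warnings",
                                    f"{func}({args or '<all warnings>'})"))
        # Rule 2: cert_reqs set to the no-verification value on PoolManager,
        # ProxyManager, connection_from_url, or any other urllib3 constructor.
        for kw in node.keywords:
            if kw.arg == "cert_reqs" and _is_cert_none(kw.value):
                findings.append(Finding(node.lineno, "cert-none",
                                        f"{func}(cert_reqs=...)"))
    return sorted(findings, key=lambda f: f.line)


# Constructed input: the two completions the article describes, accepted verbatim.
SUGGESTED_BY_COMPLETION = """
import urllib3
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
http = urllib3.PoolManager(cert_reqs='CERT_NONE')
""".strip()

# Constructed input: the same client with verification left on. CERT_REQUIRED is
# urllib3's default; spelling it out keeps a completion from silently flipping it.
HARDENED = """
import urllib3
http = urllib3.PoolManager(cert_reqs="CERT_REQUIRED")
""".strip()


if __name__ == "__main__":
    for label, src in (("suggested", SUGGESTED_BY_COMPLETION), ("hardened", HARDENED)):
        print(label, scan_source(src) or "clean")
```

Run against the accepted completions the scanner reports a 'disable-warnings' finding on line 2 and a 'cert-none' finding on line 3; the hardened variant produces no findings. Matching on the bare function name rather than the full 'urllib3.disable_warnings' path is deliberate, so 'from urllib3 import disable_warnings' is caught as well.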

JetBrains support initially seemed unsure whether this constituted a security vulnerability. After concluding that it was not a 'direct security vulnerability', they still asked the author to follow their Coordinated Disclosure Policy and not publicize the findings. No substantive fix has been released after 90 days, and the same insecure suggestions appear in version 261.24374.152.

This raises broader questions about AI-powered development tools suggesting insecure code patterns. While the author acknowledges similar issues likely exist across all code generation models, the lack of prioritization and unclear vulnerability classification leaves developers exposed to accepting dangerous shortcuts from their trusted IDEs.