NestJS Security Test Exposes Claude's 6 Vulnerabilities, Gemini's 2 Mistakes
Source: Dev.to (original article)
Claude and Gemini AI models failed security tests on a NestJS prompt.
As we reported on May 30, the latest updates to Claude Opus 4.8 have sparked discussions about its capabilities and limitations. A recent experiment gave Claude Sonnet 4.6 and Gemini 2.5 Flash the same NestJS prompt and compared the results. The results are telling: Claude Sonnet 4.6's output triggered 6 security errors from eslint-plugin-nestjs-security, while Gemini 2.5 Flash's triggered only 2.
This matters because it highlights the differences in how these AI models approach security and coding best practices. Both models missed rate limiting on auth endpoints, a critical security oversight. However, Gemini got guards, validators, and serialization right where Claude didn't, suggesting that Gemini may have an edge in terms of security and code quality.
What to watch next is how these AI models continue to evolve and improve. As developers increasingly rely on AI-powered coding tools, the security and reliability of these tools will become a major concern. The fact that both models made significant errors underscores the need for ongoing testing and evaluation. As the AI landscape continues to shift, it will be important to monitor how Claude and Gemini address these security gaps and improve their overall performance.