Generative AI code assistance is becoming increasingly popular in software development, with 92% of developers using AI tools such as GitHub Copilot, Amazon CodeWhisperer, and OpenAI’s ChatGPT. However, this technology is still prone to inaccuracies and hallucinations, which can open organizations up to new threat vectors like data poisoning and prompt injection. To safely leverage AI-generated code, it's essential to think strategically about guardrails and include human checks in the development lifecycle. This includes scanning AI code with a separate security tool, validating third-party code through software composition analysis, automating testing across teams and projects, protecting intellectual property by preventing sensitive data from being input into prompts, and establishing policies and procedures for regular reviews of AI-generated code.