Although rated as quite useful, AJAX introduces a new vulnerability into websites and user interactions. The problems are caused when downloaded JavaScript code is executed on the client. A number of security problems were caused due to Microsoft Visual Basic developer's use of ActiveX controls in web applications. This could cause intruders to substitute their own executables in the download and run them on unsuspecting user's PCs.

As per Fima Katz, CEO, Ajax integrated development environment supplier, the problem is with regard to careful design and not interactive technology. The client should be kept minimal along with restrictions on what JavaScript is allowed to do on it. In case the application is opened to the world then the business logic downloaded to the client should be kept to a minimum and business logic must be executed on the internet server as it can be easily protected against intrusion and code injection.