Tech

Mitigating the Risks of AI-Generated Code

Source link

2023 has been a breakout year for developers and generative AI. GitHub Copilot graduated from its technical preview stage in June 2022, and OpenAI released ChatGPT in November 2022. Just 18 months later, according to a survey by Sourcegraph, 95% of developers report they use generative AI to assist them in writing code. Generative AI can help developers write more code in a shorter space of time, but we need to consider how much of a good thing that may be.

When we talk about AI tools for software development, right now that mostly means ChatGPT and GitHub Copilot, though there is competition from Google Bard, Amazon CodeWhisperer, and Sourcegraph’s Cody. Developers are finding success using generative AI to address common, repetitive, and low-complexity coding issues. However, these assistants fall short of understanding complex code bases, recognizing intricate patterns, and detecting complex issues and vulnerabilities.

According to early research by GitHub regarding the usage of Copilot, developers are measurably writing code faster and perceive themselves to be more productive, less frustrated, and more fulfilled. What could go wrong?

AI-generated insecure code

A study from Stanford from around the same time found that participants who had access to an AI assistant were more likely to write insecure code and more likely to rate their answers as secure compared to a control group. Meanwhile, a survey by Sauce Labs discovered that 61% of developers admit to using untested code generated by ChatGPT, with 28% doing so regularly.

So, developers are writing code faster and producing more of it with the assistance of generative AI. But they are more likely to write insecure code, while believing it to be secure, and even push it to production without testing. In 2024, it is likely we will see the first big software vulnerabilities attributed to AI-generated code. The success of using AI tools to build software will lead to overconfidence in the results, and ultimately, a breach that will be blamed on the AI itself.

To avoid such an experience, the industry as a whole needs to double down on development practices that ensure code, written by both developers and AI, is analyzed, tested, and compliant with quality and security standards. It’s important that organizations build processes that ensure code is analyzed, tested, and reviewed so that it can be trusted, regardless of how it was authored.

These practices create a buffer for developers to leverage AI code generators without the risk—both now and in the future. It’s important now because generative AI tools are new and fairly rudimentary and they require a lot of human oversight to guide them in the right direction. It’s also important in the future as generative AI, and the technology that uses it, continues to rapidly evolve. We don’t know what it will look like in the future, but we do know that without the tools and processes to keep code in check, we may not understand what we’re deploying.

Putting the focus on clean code

As the adoption of AI tools to create code increases, organizations will have to put in place the proper checks and balances to ensure the code they write is clean—maintainable, reliable, high-quality, and secure. Leaders will need to make clean code a priority if they want to succeed.

Clean code—code that is consistent, intentional, adaptable, and responsible—ensures top-quality software throughout its life cycle. With so many developers working on code concurrently, it’s imperative that software written by one developer can be easily understood and modified by another at any point in time. With clean code, developers can be more productive without spending as much time figuring out context or correcting code from another team member.

When it comes to mass production of code assisted by AI, maintaining clean code is essential to minimizing risks and technical debt. Implementing a “clean as you code” approach with proper testing and analysis is crucial to ensuring code quality, whether the code is human-generated or AI-generated.

Speaking of humans, I don’t believe developers will go away, but the manner in which they do their work every day will certainly change. The way developers use AI will be as simple and commonplace as searching Google for something as a shortcut. There’s much to be explored about the usage of modern AI, and we must consider the human element at the forefront to check AI’s drawbacks.

By ensuring AI-generated software contains clean code, organizations can help themselves from falling victim to AI’s potential downsides, like subtle bugs or security flaws, and they can derive more value from their software in a predictable and sustainable way. This is non-negotiable when the status and future of software development as a profession are intricately tied to the integration of AI.

AI has transformative potential for software development, but we must not let it run without checks—especially when digital businesses today are dependent on the software that underpins it.

Phil Nash is a developer advocate for Sonar serving developer communities in Melbourne and all over the world. He loves working with JavaScript or Ruby to build web applications and tools to help developers. He can be found hanging out at meetups and conferences, playing with new technologies and APIs, or writing open source code. Prior to working at Sonar, he was a principal developer evangelist at Twilio.

Generative AI Insights provides a venue for technology leaders—including vendors and other outside contributors—to explore and discuss the challenges and opportunities of generative artificial intelligence. The selection is wide-ranging, from technology deep dives to case studies to expert opinion, but also subjective, based on our judgment of which topics and treatments will best serve InfoWorld’s technically sophisticated audience. InfoWorld does not accept marketing collateral for publication and reserves the right to edit all contributed content. Contact doug_dineley@foundryco.com.

Copyright © 2024 IDG Communications, Inc.

(The following story may or may not have been edited by NEUSCORP.COM and was generated automatically from a Syndicated Feed. NEUSCORP.COM also bears no responsibility or liability for the content.)

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button