Code-generating tools could be more of a security hindrance than help
New research by a group of Stanford-affiliated researchers has uncovered that code-generating AI tools such as Github Copilot can present more security risks than many users may realize.
The study looked specifically at Codex, a product of OpenAI, of which Elon Musk is among the co-founders.
Codex powers the Microsoft-owned GitHub Copilot platform, which is designed to make coding easier and more accessible by translating natural language into code and suggesting changes based on contextual evidence.
AI-coding problems
Lead co-author of the study, Neil Perry, explains that “code-generating systems are currently not a replacement for human developers”.
The study asked 47 developers of differing abilities to use Codex for security-related problems, using Python, JavaScript and C programming languages. It concluded that the participants who relied on Codex were more likely to write insecure code compared with a control group.
Perry explained: “Developers using [coding tools] to complete tasks outside of their own areas of expertise should be concerned, and those using them to speed up tasks that they are already skilled at should carefully double-check the outputs and the context that they are used in in the overall project.”
This isn’t the first time that AI-powered coding tools have come under scrutiny. In fact, one of GitHub’s solutions to improve code quality in Copilot saw the Microsoft-owned company face legal action for failing to attribute the work of other developers. The result was a $9 billion lawsuit for 3.6 million individual Section 1202 violations.
For now, AI-powered code-generating tools are best thought of as a helping hand that can speed up programming rather than an all-out replacement, however if the development over the past few years is anything to go by, they may soon replace traditional coding.
- Check out the best endpoint protection and the best firewall tools
Via TechCrunch