AI Coding Pitfalls

The Feeling of Power is a 1958 Science Fiction short story by Isaac Asimov.  It proposes a world that relies on computers to construct and program other computers and the breakthrough discovery that humans can do maths without the help of computers.  In the real world AI engines are now being used to generate or at least optimise code creation.  This can significantly reduce the development time for software projects but to what degree can this code be relied upon?

Some people will always be better at writing code than others and any major software project is likely to involve more than one individual.  Creating a solution to solve a well-understood problem could be relatively straightforward.  AI code generators can fill in many of the basic building blocks of code, reducing the time needed to flesh out a solution.  There is a degree of intellectual satisfaction in coming up with an answer to a programming problem. Running through the possibly limitless consequences of implementing that solution is more grind than reward.  Through the use of AI tools there is the prospect of reducing that grind.  AI code creation is a relatively new tool; GitHub Copilot was made generally available to developers in June 2022. Henceforward coders are having to develop new skills on the fly. The role of the successful developer may be coming to rely more on the ability to deduce the correct inputs for AI to create a robust solution.  The challenge that has not changed is identifying the problem and defining exactly what code needs to do to solve that problem.

A big hurdle for commercial software is testing all possible use cases, ensuring that software keeps on working as intended and that it cannot be exploited by harmful actors.  Even sorting out one’s own code and testing it as each section is implemented is a challenging task.  The implementer may know what the code does but, not being the ultimate source, could be less certain about how it does it.  Reviewing a solution that has been created in bulk by AI will further push testing and validation systems (which are in turn becoming AI driven).

A 2023 survey by Snyk discusses the degree of reliance on AI generated code and how secure that resulting code might be.  They also describe an example of GitHub Copilot output using the appropriately named dangerouslySetInnerHTML, which is vulnerable to XSS attacks, in its AI generated JavaScript code. To be fair, Snyk are in the business of identifying vulnerabilities in code, so any perceived risks would boost their business model.  Their survey is based on responses from 537 software engineering and security team members and leaders; 96% of those teams were using AI coding tools.  56% of respondents had encountered security risks within AI generated code.  Similar risks could also be present in code from on-line code solution repositories, although these rely on human input to comment on and prioritise optimum solutions.  If the AI tools are creating insecure code and that code is being accepted, it will reinforce their own learning algorithms and increase the likelihood of subsequent output being unreliable.
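A review check for the pattern mentioned above, as an added example that is not taken from the survey or from any project's own code: it scans JSX source for dangerouslySetInnerHTML and reports whether the value is visibly passed through a sanitiser. The sample components are constructed, and DOMPurify.sanitize is assumed as the sanitiser a team has chosen.

```javascript
// Heuristic review check (added example): flag dangerouslySetInnerHTML in JSX
// source unless the __html value is visibly wrapped in DOMPurify.sanitize().
// A text scan like this supports code review; it does not replace a real
// linter, and it does not parse values that themselves contain "}".

const PROP = /dangerouslySetInnerHTML\s*=\s*\{\{\s*__html\s*:\s*([^}]*)\}\}/;
const SANITIZED = /^DOMPurify\.sanitize\s*\(/;

function reviewJsx(source) {
  const findings = [];
  source.split("\n").forEach((text, i) => {
    const m = PROP.exec(text);
    if (!m) return; // line does not set raw HTML
    const value = m[1].trim();
    findings.push({
      line: i + 1,
      value,
      verdict: SANITIZED.test(value) ? "sanitized" : "unsanitized",
    });
  });
  return findings;
}

// Constructed sample standing in for assistant-generated React code.
const SAMPLE = [
  "function Comment({ body }) {",
  "  return <div dangerouslySetInnerHTML={{ __html: body }} />;",
  "}",
  "function SafeComment({ body }) {",
  "  return <div dangerouslySetInnerHTML={{ __html: DOMPurify.sanitize(body) }} />;",
  "}",
  "function TextComment({ body }) {",
  "  return <div>{body}</div>; // React escapes text children by default",
  "}",
].join("\n");

for (const f of reviewJsx(SAMPLE)) {
  console.log(`line ${f.line}: ${f.verdict} (${f.value})`);
}
```

Only the first component is reported as unsanitized; the third never appears because it renders the value as text rather than as markup.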

40% of developers questioned by Snyk were very concerned that use of AI would impact on the human skills needed to create good code.  This in turn could impact on their own ability to pick up errors in existing code. There is also an indirect risk that insecure code originally created by AI may appear in solutions from a 3rd party developer, on a code repository or within open source solutions.  Stack Overflow, a popular source for coding solutions, banned the upload of AI generated solutions in 2022.  Their case was that the chance of an AI solution being the correct and best answer was seen as relatively low.  An influx of this type of response would dilute more helpful code segments hosted on their site.  The AI code engines themselves will have originally been primed by data from online code sources.  If these new engines prove easier to use than searching human based repositories then there will be less input into the original databases, making them less useful and further promoting the reliance on AI engines.  Unlike information on historical facts, code solutions need to be kept up to date.  Older functions are sidelined (or deprecated) and replaced by more efficient or more secure solutions.  This results in ageing code only being the best choice within legacy applications.

The core issue may be not where code comes from but how much we can trust the reliability of that code and who owns the resulting solution.  Robust testing and reacting to user feedback will optimise the efficiency of the code.  How big a role AI will have in the whole process is still being worked out.

 
