Code-Generating AI Assistants Bring Security Vulnerabilities

Computer scientists from Stanford University have discovered that programmers who use help from AI coding tools like GitHub Copilot produce less secure code solutions for the apps they develop

A team of researchers affiliated with Stanford has published a paper titled, “Do Users Write More Insecure Code with AI Assistants?” The study finds that code-generating systems provided by vendors like GitHub have unexpected pitfalls.

Neil Perry, a PhD candidate at Stanford and the lead co-author of the study believes AI code-generating systems at the moment cannot substitute human beings. Although they may provide some assistance, software engineers who use such systems are more likely to create apps with inherent security vulnerabilities.

Study details

The study specifically investigated the use of Codex, the AI code-generating system powering GitHub’s Copilot. The team involved in an experiment included 47 developers — ranging from undergraduate students to experienced industry professionals. These developers used Codex to complete security-related problems across programming languages including Python, JavaScript and C.

The results were disappointing for the technology prospects. Namely, the researchers found that the study participants who had access to Codex more often wrote incorrect and insecure solutions to programming problems compared to a control group. Additionally, they tended to over-rely on the AI tool, believing their insecure answers were secure, while the developers fully in control of their coding tasks questioned their solutions more often.

However, Megha Srivastava, a postgraduate student at Stanford and the second co-author of the study, stressed that code-generating systems are quite reliable for tasks that aren’t high-risk. Thus, they shouldn’t be abandoned altogether. At the same time, developers who use such tools should carefully double-check the outputs and enhance their security expertise to better spot code vulnerabilities.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Code-Generating AI Assistants Bring Security Vulnerabilities

Study details

SEE ALSO:

Nina Bobro

Breaking News

Bank of Canada Governor Sees Little Impact of Country Budget on Fiscal Track

Wagestream Raises $21.8 Million

S&P Says About Loosening of China’s Fiscal Stimulus

Lenovo and Alibaba Cooperate to Build AI Computers

Micron Intends to Get $6.1 Billion in Grants From US

Join Us

Newsletter

Code-Generating AI Assistants Bring Security Vulnerabilities

Study details

SEE ALSO:

Nina Bobro

Related Posts

Breaking News

Join Us

Newsletter

Get Updates