AI-Generated Code Causing Outages and Security Risks in Businesses

SeniorTechInfo

AI Code Generation: The Pitfalls and Promises

Businesses leveraging artificial intelligence for code generation are encountering challenges such as downtime and security vulnerabilities. The team at Sonar, a leading provider of code quality and security solutions, has witnessed major financial institutions facing consistent outages where AI-generated code is often blamed.

While AI tools have revolutionized the development process, they are not flawless. Research from Bilkent University reveals that popular AI code generators like ChatGPT, GitHub Copilot, and Amazon CodeWhisperer produce correct code only some of the time.

One of the fundamental issues with AI is its struggle with logic and mathematics, as noted by experts like Wharton AI professor Ethan Mollick. Developers are increasingly relying on AI for code generation, but the lack of proper review processes is contributing to outages and security incidents.

Could ‘insufficient reviews’ be a factor?

A Snyk survey indicates that over half of organizations face security issues due to poor AI-generated code, a trend that is expected to escalate with 90% of engineers adopting AI code assistants by 2028. Sonar’s CEO, Tariq Shaukat, emphasizes the importance of robust code review practices and developer accountability in mitigating these risks.

The ‘laissez-faire’ effect

Stanford University’s study reveals that users relying on AI code assistants tend to write less secure code while overestimating its security levels. The recent CrowdStrike outage underscores the critical role of human intervention in code validation to prevent system failures.

Despite the skepticism around AI tools, developers continue to embrace them for their efficiency gains. However, reports suggest a rise in code churn and the need for extensive clean-up operations post-AI code generation.

What is ‘code churn’?

GitClear’s research indicates a surge in code churn and copy-pasted code, posing challenges in code maintenance and consistency. Shaukat acknowledges the cleanup efforts required but believes that with proper tooling and processes, the impact can be managed.

Ultimately, developers must remain accountable for the code they produce, especially when leveraging AI tools. Leaders are urged to prioritize assurance steps to prevent downtime, bugs, and security risks associated with AI-generated code.
