Source: techmonitor
Artificial intelligence-based coding assistants like GitHub’s Copilot leave developers “deluded” about the quality of their work, resulting in more insecure and buggy software, a new study from Stanford University has found. One AI expert told Tech Monitor it’s important to manage expectations when using AI assistants for such a task.
The study involved a group of 47 developers, 33 of whom had access to an AI assistant while writing code, while 14 were in a control group flying solo. They had to perform five security-related programming tasks including ones to encrypt or decrypt a string using a symmetric key. They all had access to a web browser to search for help but only 33 had the AI assistant.
AI assistant tools for coding and other tasks are becoming more popular, with Microsoft-owned GitHub launching Copilot as a technical preview in 2021 as a way to “improve developer productivity”.
In its own research published in September this year, GitHub found that it was making developers more productive, with 88% reporting themselves as being more productive and 59% less frustrated when coding. The main benefits were put down to becoming faster with repetitive tasks and faster completion of code lines.
The researchers from Stanford wanted to find out whether users "write more insecure code with AI assistants" and found this to be the case. They said that those using assistants are "delusional" about the quality of that code.
The team wrote in their paper: “We observed that participants who had access to the AI assistant were more likely to introduce security vulnerabilities for the majority of programming tasks, yet also more likely to rate their insecure answers as secure compared to those in our control group.”
There is a solution to the problem. “Additionally, we found that participants who invested more in the creation of their queries to the AI assistant, such as providing helper functions or adjusting the parameters, were more likely to eventually provide secure solutions.”
Only three programming languages were used in the project: Python, C and Verilog. It involved a relatively small number of participants with varying levels of experience, including undergraduate students and industry professionals, using a purpose-built app that was monitored by the administrators.
The first prompt involved writing in Python, and those writing with the help of the AI were more likely to write insecure or incorrect code. In total 79% of the control group without AI help gave a correct answer, whereas just 67% of those with the AI got it correct.
It got worse in terms of the security of the code being created, as those in the AI group were "significantly more likely to provide an insecure solution" or use trivial ciphers to encrypt and decrypt strings. They were also less likely to conduct authenticity checks on the final value to ensure the process worked as expected.
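The failure described above, shown in Python: a trivial cipher decrypts tampered data without complaint, while an encrypt-then-MAC wrapper rejects it. This is an added example, not code from the study or the article; the function names are hypothetical, and the SHAKE-256 keystream is a standard-library stand-in for a vetted AEAD such as AES-GCM.

```python
import hashlib
import hmac
import secrets

def trivial_encrypt(key: bytes, data: bytes) -> bytes:
    """Repeating-key XOR: a trivial cipher with no integrity protection."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

trivial_decrypt = trivial_encrypt  # XOR is its own inverse

def _keystream_xor(enc_key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stdlib-only stand-in for a real cipher (assumption of this example):
    # SHAKE-256 over key||nonce as keystream. Production code should call a
    # vetted AEAD such as AES-GCM or ChaCha20-Poly1305 instead.
    stream = hashlib.shake_256(enc_key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(enc_key: bytes, mac_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: nonce || ciphertext || HMAC-SHA256(nonce || ciphertext)."""
    nonce = secrets.token_bytes(16)
    body = nonce + _keystream_xor(enc_key, nonce, plaintext)
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()

def open_sealed(enc_key: bytes, mac_key: bytes, blob: bytes) -> bytes:
    """Verify the tag before decrypting; reject anything modified or truncated."""
    if len(blob) < 16 + 32:
        raise ValueError("message too short")
    body, tag = blob[:-32], blob[-32:]
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        raise ValueError("authentication failed")
    return _keystream_xor(enc_key, body[:16], body[16:])

def flip_bit(blob: bytes, index: int) -> bytes:
    """Simulate corruption or tampering in transit (constructed test input)."""
    return blob[:index] + bytes([blob[index] ^ 0x01]) + blob[index + 1:]

if __name__ == "__main__":
    msg = b"amount=100"  # constructed sample message
    weak = flip_bit(trivial_encrypt(b"k3y", msg), 7)
    print(trivial_decrypt(b"k3y", weak))  # decrypts without any error
    ek, mk = secrets.token_bytes(32), secrets.token_bytes(32)
    try:
        open_sealed(ek, mk, flip_bit(seal(ek, mk, msg), 20))
    except ValueError as err:
        print("rejected:", err)
```

The encryption and MAC keys are kept separate, and the tag covers the nonce as well as the ciphertext, so a change to either is caught before any plaintext is returned.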
Authors Neil Perry, Megha Srivastava, Deepak Kumar, and Dan Boneh, wrote that the results "provide caution that inexperienced developers may be inclined to readily trust an AI assistant’s output, at the risk of introducing new security vulnerabilities. Therefore, we hope our study will help improve and guide the design of future AI code assistants.”
Peter van der Putten, director of the AILab at software vendor Pegasystems, said despite being on a small scale, the study was “very interesting” and produced results that can inspire further research into the use of AI assistants in code and other areas. “It also aligns with some of our broader research on reliance on AI assistants in general," he said.
He warned that users of AI assistants should approach trust in the tool in a gradual manner, by not overly relying on it and accepting its limitations. “The acceptance of a technology isn’t just determined by our expectation of quality and performance, but also by whether it can save us time and effort. We are inherently lazy creatures," he said. “In the grand scheme of things I am positive about the use of AI assistants, as long as user expectations are managed. This means defining best practices on how to use these tools, and potentially also additional capabilities to test for the quality of code."