Author: Fiona Jackson

Source

Summary

AI code generators are not perfect; they are bad at maths and logic. Tariq Shaukat, CEO of Sonar, claims that more and more companies experience outages and security issues because of AI-generated code. One reason he gives is that code-review practices are not solid enough. Another is that developers feel less accountable for code they did not write themselves.

There is also a ‘laissez-faire’ effect. A 2023 study from Stanford University shows that those who use AI code assistants “wrote significantly less secure code” but were “more likely to believe they wrote secure code.”

There is also more code churn, GitClear shows, meaning more code gets reverted and copy-pasted.

Quotes:

“In general, this is due to insufficient reviews, either because the company has not implemented robust code quality and code-review practices, or because developers are scrutinising AI-written code less than they would scrutinise their own code.

“When asked about buggy AI, a common refrain is ‘it is not my code,’ meaning they feel less accountable because they didn’t write it.”