Application Security , Artificial Intelligence & Machine Learning , DEF CON

Why AI-Assisted Coding Tools Amplify Code Quality Gaps

Snyk's Randall Degges on the Crucial Role of Code Base Quality in AI Output
Randall Degges, head of developer and security relations, Snyk

AI-assisted coding tools such as GitHub Copilot are transforming software development by enabling developers to generate code faster. But these tools often inherit and amplify existing vulnerabilities when used with low-quality code bases, said Randall Degges, head of developer and security relations at Snyk.

See Also: Building Better Security Operations Centers With AI/ML

The quality of the existing code base heavily influences the performance of AI coding assistants. Tools such as Copilot rely on the context provided by the existing code when generating new code. If the underlying code is riddled with vulnerabilities, the AI tool is likely to replicate those flaws in its output, exacerbating security risks, Degges said.

"There's tons of code in the world. Tons of people are writing them. Most of it is not being kept up to date and perfect all the time," Degges said. "Naturally, you're going to run into problems when you're using AI-generated code, and just being aware of that fact is the most important thing you can do as a developer, so that you can go and address those issues when they pop up."

In this video interview with Information Security Media Group at DEF CON 2024, Degges also discussed:

  • The role of security flaws, code consistency and update frequency in evaluating AI coding tools;
  • Best practices for maintaining high-quality code in AI-assisted environments;
  • Challenges that AI tools face in identifying context-specific security vulnerabilities.

Degges has more than 20 years of experience in building and growing technical products and optimizing elegant developer services. Prior to Snyk, he worked at Okta, Stormpath and Telephony Research Services.


About the Author

Michael Novinson

Michael Novinson

Managing Editor, Business, ISMG

Novinson is responsible for covering the vendor and technology landscape. Prior to joining ISMG, he spent four and a half years covering all the major cybersecurity vendors at CRN, with a focus on their programs and offerings for IT service providers. He was recognized for his breaking news coverage of the August 2019 coordinated ransomware attack against local governments in Texas as well as for his continued reporting around the SolarWinds hack in late 2020 and early 2021.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing paymentsecurity.io, you agree to our use of cookies.