How to Securely Take Advantage of Generative AI

Generative artificial intelligence (AI) has garnered attention in the software development ranks for its ability to produce software that appears to be of high quality. But along with the promise of increased productivity from new code generation tools comes increased risks. How does an organization take advantage of this productivity increase while eliminating or mitigating the risks? First let’s look at some of the risk with utilizing generative AI: – Code generated by LLMs may inadvertently contain vulnerabilities. Generative AI’s may use a Large Language Model (LLM) that has been trained on code of dubious origin and as is often said, garbage in, garbage out. Inadvertent Vulnerabilities – The resolution of intellectual property rights, copyright, and ownership pertaining to AI-generated code is still an ongoing process. For instance, when utilizing AI-generated code trained on open-source software, failing to adhere to the license requirements of that software may constitute a copyright violation. As generative code continues to evolve, it is expected that the intricacies surrounding these issues will become clearer, but it may require time and legal precedents to establish more definitive guidelines. IP Ownership Complexity – AI generated code may not need the reliability, scalability and quality required, and generative AI models can produce code that is difficult to understand or explain. An important maintenance consideration is to ensure that code is well-designed and documented. Code Quality Concerns While there are risks with using generative AI with proper guidance it can increase developer productivity. And already many developers feel that generative AI is another essential tool. Here are a few guidelines that may help minimize the risks of generative AI while providing productivity benefits: But a junior one. You should maintain a good amount of skepticism about the generated code and be vigilant to confirm quality. Consider generative AI as your coding partner – – Generative AI produces results that seem coherent and convincing but aren’t always correct. Don’t take AI generated code for granted. All code should be reviewed and tested prior to use. Always review AI generated code – Although many services portend that customer prompts aren’t used for model training you have limited ability to know exactly how services handle customer information. Be careful of revealing confidential information via AI prompts – Understanding how to properly utilize generative AI is crucial for obtaining optimized results. Users should familiarize themselves with the fundamentals of prompt engineering. Establish the basics – The best defense for eliminating code vulnerabilities is still a well-trained development staff and a well-engineered software supply chain. It is crucial for developers to be trained in recognizing and addressing vulnerabilities, ensuring that generative AI does not become an unintentional source of insecure code. Strong people and process For many developers generative AI has become an invaluable tool, with numerous developers recognizing its benefits. Instead of outright prohibiting its use due to associated risks, it is more effective to establish a clear and concise set of guidelines that developers can adhere to. By doing so, we can strike a balance between leveraging generative AI for increased productivity and mitigating potential risks.