Vibe coding is the new open source – in the worst possible way

Just as you probably do not grow and grind wheat to make the flour for your bread, most software developers do not write every line of code in a new project from scratch. Doing so would be very slow and could create more security problems than it solves. So developers depend on existing libraries – open source projects – to supply various basic building blocks.

Although this approach is effective, it can create exposure and a lack of visibility into software. Increasingly, vibe coding is being used in a similar way, letting developers quickly generate code they can simply adapt instead of writing from scratch. Security researchers warn, however, that this new way of producing and shipping code makes software supply chain security even more complicated and dangerous.

“We are now hitting this point where artificial intelligence is losing its time to security,” says Alex Zenla, chief technology officer at the cloud security company. “And AI is the worst enemy in terms of generating unsafe code. If artificial intelligence is partially trained on old, weak, or low-quality code available out there, all the weaknesses that were present can be reintroduced, not to mention new issues.”

Beyond absorbing training data that is likely to be unsafe, the reality of vibe coding is that it produces an approximation of software instructions that may not take into account all the context and specific considerations of a particular product or service. In other words, even if a company trained a local model on the project’s source code and described its goals in natural language, the process still depends on human reviewers to discover any defect or possible defect in code that was originally created by AI.

“Engineering teams need to think about the development life cycle in the vibe coding age,” says Eran Kinsbruner, a researcher at CheckMarx. “If you ask the same LLM to write about your specific source code, every time it will be a slightly different output. One developer on the team will create one output and another developer will get a different output. It introduces additional complications that go beyond open source.”

In a CheckMarx survey of senior information security personnel, application managers, and heads of development, a third of respondents said that more than 60 percent of their organization’s code was created by artificial intelligence in 2024. But only 18 percent of respondents said that their organization has a list of approved tools for vibe coding. CheckMarx surveyed thousands of professionals and published the results in August – confirming, too, that AI-assisted development makes it difficult to track the “ownership” of code.
