DZone
Thanks for visiting DZone today,
Edit Profile
  • Manage Email Subscriptions
  • How to Post to DZone
  • Article Submission Guidelines
Sign Out View Profile
  • Post an Article
  • Manage My Drafts
Over 2 million developers have joined DZone.
Log In / Join
Refcards Trend Reports
Events Video Library
Refcards
Trend Reports

Events

View Events Video Library

Zones

Culture and Methodologies Agile Career Development Methodologies Team Management
Data Engineering AI/ML Big Data Data Databases IoT
Software Design and Architecture Cloud Architecture Containers Integration Microservices Performance Security
Coding Frameworks Java JavaScript Languages Tools
Testing, Deployment, and Maintenance Deployment DevOps and CI/CD Maintenance Monitoring and Observability Testing, Tools, and Frameworks
Culture and Methodologies
Agile Career Development Methodologies Team Management
Data Engineering
AI/ML Big Data Data Databases IoT
Software Design and Architecture
Cloud Architecture Containers Integration Microservices Performance Security
Coding
Frameworks Java JavaScript Languages Tools
Testing, Deployment, and Maintenance
Deployment DevOps and CI/CD Maintenance Monitoring and Observability Testing, Tools, and Frameworks

Enterprise AI Trend Report: Gain insights on ethical AI, MLOps, generative AI, large language models, and much more.

2024 Cloud survey: Share your insights on microservices, containers, K8s, CI/CD, and DevOps (+ enter a $750 raffle!) for our Trend Reports.

PostgreSQL: Learn about the open-source RDBMS' advanced capabilities, core components, common commands and functions, and general DBA tasks.

AI Automation Essentials. Check out the latest Refcard on all things AI automation, including model training, data security, and more.

Related

  • Deliver Exceptional Digital Experiences and Unlock New Value With Okta Customer Identity
  • The Enterprise Browser: A Security-Hardened Productivity Platform for the Future of Remote Work
  • The Future of Web Development: Predictions and Possibilities
  • Dynatrace Perform: Day Two

Trending

  • An Explanation of Jenkins Architecture
  • Telemetry Pipelines Workshop: Introduction To Fluent Bit
  • Role-Based Multi-Factor Authentication
  • Implementing CI/CD Pipelines With Jenkins and Docker
  1. DZone
  2. Data Engineering
  3. AI/ML
  4. How Developers Can Work With Generative AI Securely

How Developers Can Work With Generative AI Securely

Four tips to help the SDLC strike a balance between the improved productivity that generative AI brings and the risks it poses to code security.

By 
John Campbell user avatar
John Campbell
·
Jul. 20, 23 · Opinion
Like (1)
Save
Tweet
Share
3.5K Views

Join the DZone community and get the full member experience.

Join For Free

If you work in software development, or indeed within any sector of the technology industry, you will have undoubtedly been part of discussions about, read headlines on, or even trialed a platform for generative artificial intelligence (AI). Put simply, this new and quickly evolving technology is everywhere.

Yet along with the exciting promise of greater productivity with AI code generation tools — GitHub argues the increase in developer productivity due to AI could boost global GDP by over $1.5 trillion — there is also increased risk. These risks include concerns around code quality, as AI models can produce complex code that is both difficult to understand and explain.

There is also the risk of complexity around IP ownership, as conversations around the intellectual property rights, ownership, and copyright of AI-generated code are still ongoing. As this technology evolves, guidance will become clearer, but this will take time. Currently, if working with AI-generated code that is trained on open-source software, a failure to adhere to this software's license requirements may well constitute a violation of copyright.

Finally, AI-generated code can contain a number of vulnerabilities, albeit inadvertently. If the AI has been trained on insecure code, for example, it will therefore create insecure code. Simply: garbage in, garbage out.

Putting Security First

So, what can developers do to ensure they can make the most of generative AI without risking security?

  1. See generative AI as a junior coding partner: Developers should go into working with generative AI coding tools with the expectation of lower quality code that contains vulnerabilities.
  2. Stay vigilant with AI prompts: Revealing confidential information via an AI prompt is a big privacy risk, and there is currently limited understanding around how services truly handle their customer data.
  3. Integrate more code reviews: As with traditional coding, code reviews are an important process within the software development lifecycle (SDLC). Reviewing the security and quality of AI-generated code is crucial, as it may seem coherent on the surface but not necessarily correct and secure following testing.
  4. Embrace continuous training: Considering reviewing and testing AI-generated code is so crucial, it's hugely important for the software developers behind the prompts and the delivery of the end product, app or service, to have a good understanding of secure coding. These professionals need training in how to recognize and address vulnerabilities, and as the threat landscape evolves so rapidly, this training also needs to be delivered on a continuous basis to best empower everyone across the SDLC.

It is certainly possible to strike a balance between the improved productivity that generative AI can enable, and the risks it can pose to code security and quality with these guidelines. However, at the foundation of this balance has to be continuous, programmatic secure coding training for the human developer so that generative AI becomes a useful tool rather than a source of insecure code.

AI Productivity security dev

Opinions expressed by DZone contributors are their own.

Related

  • Deliver Exceptional Digital Experiences and Unlock New Value With Okta Customer Identity
  • The Enterprise Browser: A Security-Hardened Productivity Platform for the Future of Remote Work
  • The Future of Web Development: Predictions and Possibilities
  • Dynatrace Perform: Day Two

Partner Resources


Comments

ABOUT US

  • About DZone
  • Send feedback
  • Community research
  • Sitemap

ADVERTISE

  • Advertise with DZone

CONTRIBUTE ON DZONE

  • Article Submission Guidelines
  • Become a Contributor
  • Core Program
  • Visit the Writers' Zone

LEGAL

  • Terms of Service
  • Privacy Policy

CONTACT US

  • 3343 Perimeter Hill Drive
  • Suite 100
  • Nashville, TN 37211
  • support@dzone.com

Let's be friends: