"Kids no longer need to learn programming. Instead, AI will enable everyone to code in human language...everyone in the world is now a programmer, this is the miracle of artificial intelligence." Jenson Huang (NVidia CEO).
As a software engineer for over 15 years, statements like these leave a nagging anxiety in my mind: this profession, which I love and have invested so much time and resources into mastering, might someday become irrelevant. On the other hand, the CEO of NVIDIA has a distinct conflict of interest in making statements like this, as his company stands to gain significantly from the rapid adoption of AI.
Lately, every time I sit down to enjoy a YouTube stream on new coding techniques, the majority are discussions of some new, earth-shattering AI coding tool that removes or at least greatly reduces the need for professional software engineers. AI generative tools have become so prolific that if you’re online often, you’re probably asking yourself if I used an AI to write this blog…fair question, but I didn’t.
Being in an industry where progress is more of an expectation than an exception, the ability to rapidly generate code using these tools can’t be ignored. The general consensus among the engineers I have spoken to indicates a shared anxiety about the radical shift in programming, but also an earnestness and enthusiasm to use the tools to their advantage. So, I wanted to take a moment to investigate where these tools are in their current evolution and what potential pitfalls and promises we might expect in the future.
The Tools
The current lineup of tools is expanding daily, so I’ll just take a minute to highlight some of the more well-known ones. GitHub Copilot, not to be confused with Microsoft Copilot, was announced in June 2021 and had plugins for the most popular IDEs and text editors by October of that same year. This was long before the AI boom caused by the rapid adoption of ChatGPT in 2023. Copilot was initially powered by OpenAI Codex and has grown steadily in popularity and use since its inception. Cursor is another well-known AI coding tool that, rather than functioning as a plugin to an IDE, is a fork of the popular VS Code that we all know and love. In addition to making VS Code with AI integration from the ground up, it allows you to choose which LLM you prefer for code generation, so if you’re finding Claude Sonnet 3.5 is giving you better suggestions than GPT-4, you can select that instead. New tools such as Amazon CodeWhisperer, DeepCode, Tabnine, Replit, and Codeium are popping up every day.
The Good
Needless to say, there are many pros to using AI tools. AI coding tools have had a huge impact on software development by automating repetitive tasks and accelerating development. They can be used for generating boilerplate code, refactoring existing codebases, and identifying potential bugs. They can also assist in automating unit and integration testing, recommending optimizations for performance and scalability, code suggestions, autocompletion, and syntax error correction. Additionally, they can assist in translating code between programming languages, supporting legacy system modernization, and cross-platform development.
My favorite way to use AI that does not threaten customer IP is simply posing questions on difficult problems in which I find myself stuck. The AI almost never knows the exact solution but can typically offer suggestions that lead to a different line of thinking that gets me to an appropriate solution.
The Bad
One of the limiting factors of using AI in professional software development is the desire to protect intellectual property. Posting code into an AI query risks the AI later using that proprietary code to solve problems for other users. This is a problem for both parties: the owner of the proprietary and potentially licensed code loses control of their code, and the secondary user may unwittingly expose themselves to fines and potential litigation if discovered. For this reason, many developers working on proprietary software are restricted from using AI in certain ways to protect IP.
Other areas where people thrive, as opposed to AI, include understanding business context and requirements, making trade-off decisions, ensuring security and reliability, and managing technical debt. AI simply does not yet have the capability to understand these types of nuanced decisions.
The Ugly
A significant problem with developing with AI tools is the risk to security. LLMs are trained on extensive codebases, and it can be difficult for the AI to spot code that is written by a SecOps developer versus someone with far less experience in security. The concerns about security are further coupled with the fact that engineers, especially junior engineers, are increasingly trusting of using AI tools to solve problems.
While AI companies are boasting increased productivity, these increases on GitHub are typically measured by the quantity of pull requests among engineers who use Copilot. However, a recent analysis from UpLevel actually showed a 41% increase in the rate of bugs produced by engineers using AI tools, likely due to the engineers accepting the solutions proposed by the AI rather than comprehensively understanding the problem they were solving. In addition, this tends to exacerbate technical debt in projects rather than increase productivity.
Similarly, another study from GitClear in 2023 with projections for 2024 found that while GitHub was boasting a 55% increase in productivity, their data showed an increase of almost 40% in code churn from developers using AI tools.
There are also growing concerns that code poisoning, in which hackers inject malicious code into open-source codebases for exploitation, could be leveraged against the LLMs to prompt them to recommend poisoned code to unwitting engineers.
Current AI coding solutions seem promising for the future, but in their current iteration, it doesn’t seem like they’ve quite worked out the kinks. The use of AI tools needs to be coupled with professional expertise and rigorous testing methods to minimize the unintended side effects of chasing productivity at the expense of code quality.
By Mark ZurSchmiede, Sr. Software Engineer.