How Developers Can Work With Generative AI Securely

Four tips to help the SDLC strike a balance between the improved productivity that generative AI brings and the risks it poses to code security.

By John Campbell · Jul. 20, 23 · Opinion

If you work in software development, or indeed within any sector of the technology industry, you will have undoubtedly been part of discussions about, read headlines on, or even trialed a platform for generative artificial intelligence (AI). Put simply, this new and quickly evolving technology is everywhere.

Yet along with the exciting promise of greater productivity with AI code generation tools — GitHub argues the increase in developer productivity due to AI could boost global GDP by over $1.5 trillion — there is also increased risk. These risks include concerns around code quality, as AI models can produce complex code that is both difficult to understand and explain.

There is also the risk of complexity around IP ownership, as conversations around the intellectual property rights, ownership, and copyright of AI-generated code are still ongoing. As this technology evolves, guidance will become clearer, but this will take time. Currently, if working with code generated by an AI that was trained on open-source software, a failure to adhere to this software's license requirements may well constitute a violation of copyright.

Finally, AI-generated code can contain a number of vulnerabilities, albeit inadvertently. If the AI has been trained on insecure code, for example, it will produce insecure code. Simply: garbage in, garbage out.

Putting Security First

So, what can developers do to ensure they can make the most of generative AI without risking security?

  1. See generative AI as a junior coding partner: Developers should go into working with generative AI coding tools expecting lower-quality code that contains vulnerabilities.
  2. Stay vigilant with AI prompts: Revealing confidential information via an AI prompt is a big privacy risk, and there is currently limited understanding around how services truly handle their customer data.
  3. Integrate more code reviews: As with traditional coding, code reviews are an important process within the software development lifecycle (SDLC). Reviewing the security and quality of AI-generated code is crucial, as it may seem coherent on the surface yet turn out not to be correct and secure once tested.
  4. Embrace continuous training: Because reviewing and testing AI-generated code is so crucial, it's hugely important for the software developers behind the prompts and the delivery of the end product, app, or service to have a good understanding of secure coding. These professionals need training in how to recognize and address vulnerabilities, and because the threat landscape evolves so rapidly, this training also needs to be delivered on a continuous basis to best empower everyone across the SDLC.
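
One way to act on tip 2 before a prompt leaves the developer's machine, shown as an added example that is not part of the original article: a scrubber that redacts credential-shaped strings and reports which rules fired. The rule set, the function names, and the sample prompt are assumptions constructed for illustration.

```python
import math
import re

# Constructed rule set for common credential shapes; extend it for your own stack.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(
        r"-----BEGIN [A-Z ]*PRIVATE KEY-----.*?-----END [A-Z ]*PRIVATE KEY-----", re.S),
    "bearer_token": re.compile(r"(?i)\bbearer\s+[A-Za-z0-9._~+/-]{20,}=*"),
}
# name = value pairs whose name suggests a secret; the value is entropy-checked.
ASSIGNMENT = re.compile(
    r"(?i)\b([\w.-]*(?:password|passwd|secret|token|api[_-]?key)[\w.-]*)"
    r"(\s*[:=]\s*)([\"']?)([^\s\"']{8,})\3")

# Constructed sample prompt: every credential-looking value here is fake.
SAMPLE_PROMPT = '''Why does this deploy script fail with a 403?
export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
db_password = "t7#Kp9$wQz2!mX4v"
curl -H "Authorization: Bearer abcdefghijklmnopqrstuvwxyz012345" https://api.example.test/v1
retries = 3
'''

def shannon_entropy(value: str) -> float:
    """Bits per character; placeholders such as 'xxxxxxxx' score near zero."""
    probs = [value.count(c) / len(value) for c in set(value)]
    return -sum(p * math.log2(p) for p in probs)

def scrub_prompt(prompt: str, min_entropy: float = 3.0):
    """Return (redacted_prompt, findings); findings holds rule names, never values."""
    findings = []

    def fixed(kind):
        def _sub(_match):
            findings.append(kind)
            return f"[REDACTED:{kind}]"
        return _sub

    for kind, pattern in PATTERNS.items():
        prompt = pattern.sub(fixed(kind), prompt)

    def assignment(match):
        name, sep, quote, value = match.groups()
        if value.startswith("[REDACTED:") or shannon_entropy(value) < min_entropy:
            return match.group(0)  # already handled, or too low-entropy to be a secret
        findings.append(f"assignment:{name}")
        return f"{name}{sep}{quote}[REDACTED:value]{quote}"

    return ASSIGNMENT.sub(assignment, prompt), findings
```

The entropy threshold trades missed weak passwords for fewer false positives on placeholders; pass `min_entropy=0` to redact every secret-named assignment.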

With these guidelines, it is certainly possible to strike a balance between the improved productivity that generative AI can enable and the risks it can pose to code security and quality. However, the foundation of this balance has to be continuous, programmatic secure coding training for the human developer, so that generative AI becomes a useful tool rather than a source of insecure code.
