As AI coding assistants like GitHub Copilot become commonplace, engineering leaders are grappling with a mix of excitement and apprehension. As I mentioned in a prior post, the prospect of breaking the iron triangle and delivering projects that are fast, cheap, AND good sure is tantalizing. But, while these tools promise these benefits, they also introduce new challenges and potential risks. This post explores the top concerns.
‍

Poor Code Quality and Reduced Security

One of the primary concerns is the impact of AI-generated code on overall code quality and security. Recent studies have highlighted some alarming trends:

• Increased Bug Rate: A study by Uplevel found that the use of GitHub Copilot resulted in a 41% increase in bugs. This suggests that AI-generated code may be introducing more errors than it's preventing, potentially compromising code quality.

• Security Vulnerabilities: More than half of organizations encounter security issues with AI-generated code sometimes or frequently, according to this report. AI models trained on vast code repositories may inadvertently introduce known vulnerabilities or exploitable patterns into new code.

• Compliance and IP Concerns: Inadvertently infringing on copyrights or violating licenses when using AI-generated code is also a concern. 

Robust code review processes and increased security testing could mitigate these concerns, but might result in longer development cycles, thereby offsetting any productivity gains. 
‍

Mythical Developer Productivity and Efficiency

Some studies suggest that AI coding assistants may not be delivering the productivity boost you might expect:

• No Significant Productivity Gains: Uplevel's study found no significant improvements in pull request cycle time or throughput for developers using GitHub Copilot. This challenges the notion that AI assistants automatically lead to faster code production.

• Increased Review Time: According to this study, developers are spending more time reviewing AI-generated code, which may negate any time savings in code writing. 

• Complexity in Debugging: Some engineering leaders report that AI-generated code can be more challenging to understand and debug. It might be easier to rewrite the code from scratch than to fix AI-generated issues.

These findings suggest that engineering leaders must carefully evaluate the real-world impact on their team's productivity and adjust expectations accordingly.
‍

Drag on Developer Advancement and Learning

There's growing concern about how AI coding assistants might affect the skill development of junior developers:

• Over-reliance on AI: Some argue that junior engineers may not learn to "really code" if they rely too heavily on AI assistants. This could potentially hinder their ability to understand fundamental coding concepts and problem-solving skills.

• Troubleshooting Challenges: Whether junior engineers are adept enough to effectively troubleshoot code generated by AI is an open debate. This raises questions about the appropriate use of these tools across different experience levels.

This suggests organizations need to balance their use of AI assistants with traditional learning and skill development practices, especially for less experienced team members.
‍

Integration and Workflow Disruption

Incorporating AI coding assistants into existing development workflows presents its own set of challenges:

• Tool Proliferation: Many organizations are using between 6 and 20 different security testing tools. Adding AI assistants to this mix can further complicate the toolchain while also making it harder to integrate and correlate results.

• Process Adaptation: Nearly half of the projects are still being added manually, indicating that many teams haven't fully adapted their processes to accommodate AI tools effectively.

• Noise in Security Testing: 60% of organizations report that between 21% and 60% of their security test results are 'noise.' AI-generated code may exacerbate this issue, making it harder to distinguish between genuine issues from false positives.

Engineering leaders need to carefully consider how to integrate AI coding assistants into their existing workflows without causing disruption or adding unnecessary complexity.
‍

Ethical and Legal Considerations

The use of AI in code generation raises several ethical and legal questions:

• Data Privacy: Potential exposure of proprietary code or customer data when using AI tools is a major concern, especially if the tools reserve the right to train on user prompts.

• Bias in AI Models: AI models may replicate biases present in their training data, potentially leading to the propagation of discriminatory practices in generated code (check out this blog post for more).

• Intellectual Property Rights: As covered in this report, the ownership and rights associated with AI-generated code remain a gray area, potentially exposing organizations to legal risks.

Engineering leaders must stay informed about the evolving legal and ethical landscape surrounding AI-generated code and establish clear guidelines for their teams.
‍

Conclusion

While AI coding assistants offer exciting possibilities for software development, they also present significant challenges for engineering leaders. By understanding and addressing these concerns, leaders can make informed decisions about how to responsibly integrate these tools into their development processes. Striking a balance between leveraging AI's capabilities and maintaining high standards of code quality, security, and developer skill development is the key.

As the technology continues to evolve, ongoing evaluation and adaptation of practices will be crucial. Engineering leaders who navigate these challenges effectively can harness the potential of AI coding assistants while mitigating their risks.