"participants who had access to an AI assistant wrote significantly less secure code" and "were also more likely to believe they wrote secure code" - 2023 Stanford University study published at CCS23 - eviltoast
  • justOnePersistentKbinPlease@fedia.io
    link
    fedilink
    arrow-up
    25
    arrow-down
    1
    ·
    2 months ago

    No. I would suggest you actually read the study.

    The problem that the study reveals is that people who use AI-generated code as a rule don’t understand it and aren’t capable of debugging it. As a result, bigger LLMs will not change that.

    • chiisana@lemmy.chiisana.net
      link
      fedilink
      arrow-up
      10
      arrow-down
      5
      ·
      2 months ago

      I did in fact read the paper before my reply. I’d recommend considering the participants pool — this is a very common problem in most academic research, but is very relevant given the argument you’re claiming — with vast majority of the participants being students (over 60% if memory serves; I’m on mobile currently and can’t go back to read easily) and most of which being undergraduate students with very limited exposure to actual dev work. They are then prompted to, quite literally as the first question, produce code for asymmetrical encryption and deception.

      Seasoned developers know not to implement their own encryption because it is a very challenging space; this is similar to polling undergraduate students to conduct brain surgery and expect them to know what to look for.