874
AI-Generated Code is Causing Outages and Security Issues in Businesses (www.techrepublic.com)
submitted 3 days ago by RmDebArc_5@sh.itjust.works to c/technology@lemmy.world
181 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[-] Telorand@reddthat.com 5 points 2 days ago

It was ChatGPT from earlier this year. It wasn't a huge deal for me that it made mistakes, because I had a very specific use case and just wanted to save some time; I knew I'd have to troubleshoot grafting it into my function, but even after I pointed out that it was using depreciated syntax (and how to correct it), it just spat out the code again with even more errors and still using depreciated syntax.

All LLMs will fail like this in some way, because they don't actually understand what they're generating (i.e. they have no mechanism for self-evaluating the veracity of their statements).

[-] theterrasque@infosec.pub -1 points 2 days ago* (last edited 2 days ago)

This is a very simple one, but someone lower down apparently had issue with a script like this:

https://i.imgur.com/wD9XXYt.png

I tested the code, it works. If I was gonna change anything, probably move matplotlib import to after else so it's only imported when needed to display the image.

I have a lot more complex generations in my history, but all of them have personal or business details, and have much more back and forth. But try it yourself, claude have a free tier. Just try to be clear in the prompt what you want. It might surprise you.

[-] Telorand@reddthat.com 4 points 2 days ago

I appreciate the effort you put into the comment and your kind tone, but I'm not really interested in increasing LLM presence in my life.

I said what I said, and I experienced what I experienced. Providing me an example where it works is in no way a falsification of the core of my original comment: LLMs have no place generating code for secure applications apart from human review, because they don't have a mechanism to comprehend or proof their own work.

[-] FlorianSimon@sh.itjust.works 4 points 1 day ago

I'd also add that, depending on the language, the ways you can shoot yourself in the foot are very subtle (cf C++/C, which are popular languages for "secure" stuff).

It's already hard to not write buggy code, but I don't think you will detect them by just reviewing LLM code, because detecting issues during code review is much harder than when you're writing code.

Oh, and I assume it'll be tough to get an LLM to follow MISRA conventions.

[-] Telorand@reddthat.com 3 points 1 day ago

It's already hard to not write buggy code, but I don't think you will detect them by just reviewing LLM code, because detecting issues during code review is much harder than when you're writing code.

Definitely. That's what I was trying to drive at, but you said it well.

this post was submitted on 15 Sep 2024
874 points (98.0% liked)

Technology

58100 readers
4900 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
L3s@lemmy.world
enu@lemm.ee
fry@fry.gs
L3s@fry.gs
enu@lemmy.world
L4s@fry.gs
L4s@lemmy.world