"Reasons given include pressure to deploy quickly, vulnerabilities being too difficult to fix, and reliance on other controls to pick up the pieces."
Are they not warning their bosses? I find this reasoning hard to believe. If management doesn't care, the problem has little to do with AI. A more reasonable explanation is that they hate that they are forced to use AI and they ship Swiss cheese as and act of sabotage, apathy, or to prove AI's incompetence at taking over their job.
AI isn't the source of the problem (as you point out, bad management is a preexisting problem), but it exacerbates it significantly. I think it's still worthwhile to call out a new factor that's making an existing problem much worse.
Humans can't write code without bugs either, especially in languages like the one Linux is written in. It's not a binary though, either in terms of how involved the human is in crafting the output and how many bugs are in the code that's getting merged, so I don't think that blanket statements like "AI writes bugs" or "AI finds bugs" are particularly meaningful.
I don't see a disconnect. AI generates things that are similar to existing things (but partly made up and subtly wrong), so just like how it can generate somewhat correct code it can also generate somewhat correct vulnerability reports.
It’s because upper management demands it. Do most of your coding with an LLM or find another job, etc. How much you “llm all the things” is now a measured performance metric.
It’s pure madness but employees are obligated to give the people that pay them what they want. Either that or lose your healthcare and housing.
This might shock you, but there are more precise numbers than "none" and "some". In fact, some of the ones that aren't "none" are even larger than others!
"Reasons given include pressure to deploy quickly, vulnerabilities being too difficult to fix, and reliance on other controls to pick up the pieces."
Are they not warning their bosses? I find this reasoning hard to believe. If management doesn't care, the problem has little to do with AI. A more reasonable explanation is that they hate that they are forced to use AI and they ship Swiss cheese as and act of sabotage, apathy, or to prove AI's incompetence at taking over their job.
AI isn't the source of the problem (as you point out, bad management is a preexisting problem), but it exacerbates it significantly. I think it's still worthwhile to call out a new factor that's making an existing problem much worse.
> Are they not warning their bosses?
Where do you think the pushing is coming from?
On one had, AI is being used to cybersecurity and used to find bugs in Linux etc. On the other hand, it seems that AI can't write code without bugs.
So where is the disconnect?
Humans can't write code without bugs either, especially in languages like the one Linux is written in. It's not a binary though, either in terms of how involved the human is in crafting the output and how many bugs are in the code that's getting merged, so I don't think that blanket statements like "AI writes bugs" or "AI finds bugs" are particularly meaningful.
I don't see a disconnect. AI generates things that are similar to existing things (but partly made up and subtly wrong), so just like how it can generate somewhat correct code it can also generate somewhat correct vulnerability reports.
AI is thinking about its own job security at this point.
One important factor is that those who don't want to ship the bug riddled code are being labeled as less productive and laid off.
Yep, that's a management problem. Not an AI problem.
It might as well be both.
If only because the structure present in the parent comment ("it's A, not B") is considered an AI tell.
Those aren't exclusive. The hydrogen in the Hindenberg was a problem even if a spark was needed to ignite it.
It’s because upper management demands it. Do most of your coding with an LLM or find another job, etc. How much you “llm all the things” is now a measured performance metric.
It’s pure madness but employees are obligated to give the people that pay them what they want. Either that or lose your healthcare and housing.
When companies like Microsoft can get away with it with zero consequences, it sort of seems like less of an issue.
I didn't realize all code before LLM was hole proof.
This might shock you, but there are more precise numbers than "none" and "some". In fact, some of the ones that aren't "none" are even larger than others!
"Thing is worse after change."
"I didn't realize thing was perfect before change!"
It wasn't. But it had fewer holes than what the LLMs make.