We 3.5x'd Our Pull Requests with AI: Now We Catch Fewer Bugs

(brodzinski.com)

5 points | by flail 5 hours ago ago

3 comments

  • rurban 4 hours ago ago

    Exact the same bullpoints and trade offs I am facing. More code, faster, more bugs, esp. more security bugs.

    Part of the more bugs is that the tools find much more bugs and write much better tests than before with only fuzzing disturbing our peace for a while.

    • flail 2 hours ago ago

      We also find that the agents tend to find false positives. Especially when it comes to security. In theory, you can get an automated pen test every week. In practice, it drowns you in triaging reported vulnerabilities, as you find a significant part of them aren't something that you'd like to address, like ever.

      • Synthetic7346 14 minutes ago ago

        What models do you use for automated pen tests? Don't the Frontier labs block security stuff?