If you're not reviewing the horrible code that co-pilot writes, then you're the co-pilot.

Bro asked CoPilot to write vulnerable code then hit us with the shocked pikachu face when it wrote vulnerable code.

is this video a advertisment for snyk??

Personally I think a Co-Pilot is just what the name suggests, a copilot. Not a replacement tool. I know that this is a given but be aware that you still need to do the thinking as person and scan the generated code on vulnerabilities and all.

So far it works pretty well for me to take code from AI that I would have been able to write anyway. If I let it compose too much without my direct review, I end up with an application that is partly built, but without me being able to effectively maintain (or secure) it. It still saves a lot of time, but I can't just let it go on its own. So far.

I am not on the whole AI-assistant bandwagon, but, to be fair, "Can you clean this code?" can be interpreted in many ways, in particular it might be interpreted as a request to _format_ the code. A better prompt might be "Can make sure the following code has no security vulnerability?"

Do you see any different results when asking copilot to produce "secure" code or by calling out specific vulnerabilities?

Snyke for security chatgpt for structing the code and copilote for writing fast and then sent it back to chatgpt so it make you understand the code correctly and perfectly

I enjoyed this. The same paradigm with training data applies as with other answers.

Hallucination is a known thing with generative AI. You HAVE to check everything.

I'm fascinated by how John types.

I used some codium ai for writing some code and it's pretty secure, I also added sny along side just to make sure because I want to host it online and security is one of the main points. Not that my app is very important but just want to make sure that the passwords are encrypted and that my db isn't dropped or so. my custom application is a cusotm inventory site for the scouts

bruh how does he type without all the fingers on the keyboard. Bro is literally typing with index fingers without looking at the keyboard.

when i am writing rust with co-pilot half the time it either writes syntax errrors or on allowing a completion it just that moment switched to a different suggestion that replaces half my well working code just below with crap

Another great and informative video, John. However, I do understand that being sponsored means you can't put your sponsors in a bad light and take away from their product, but it would have been nice if you asked copilot to specifically write or modify your code to be MORE secure instead of being vague in your prompts. Generative AI is only as good as the prompts you feed it.

What a surprise ! An AI that doesn't understand anything can make critical mistakes ! 🙃

In 2003 that php include killed my home webpage :) those were the days

We are slowly building GLADOS, the coding core, the seccurity core, the youtube video posting core SoonTM

linear dependence, topological defects, swiss cheese and riemannian manifolds

Awesome Video

Currently in the middle of an C# course. No auto pilot here, not for me. But truth to be told sometimes chat GPT for internal testing

Personally I enjoy Snyk to show me possible vulnerabilities in my code but I have had issues with it stating that Snyk has said there exploits when the data was filtered multiple different ways to make sure the text was filtered and replaced with data that doesn’t even touch the user’s input only generated from the back end and Snyk saying it was a path traversal exploit

This is why we still need actual programmers (for now), even if its just to know what to ask co-pilot what to do.

This was just an ad for synk…

How do you feel about having a 3rd party (snyk) scanning through your entire codebase? Isn't that a potential risk in itself? Do their analyzers copy code to their servers? What are their ML algorithms/ AI doing with the analyses?

Super interesting 🦾🤖🇺🇲

Copilot is pretty good for peon level react/js & crud code, but it's actually just a net efficiency loss if you are working on something complex and low level or mathematical. Id just really discourage anyone from using it to write code if they are trying to learn something.

Did you come up with this vid idea just to sell us snyk. I mean cool tool but i'd love to see it on a production code base not on some easy code

co-pilot AND php? we've made some serious mistakes

I only use co-pilot to help me figure out what is possible

Can you recommend any good resources to get good at coding?

There are more insecure programs than secure ones over the internet. AI is based on training (i.e. democracy). Well, there are more programmers unable to write secure code than the ones able to do so. What you think what the AI will learn? :D

I found it funny that you only type with one finger per hand 😅

I think it's a little disingenuous because ANY AI is only as good as the prompt. Asking Co-Pilot to "Clean the code" is dis-ambiguous - after all, it "cleaned up your code" by making it more readable. How about asking it to SECURE any potential vulnerabilities in the code and see what it does?

You can't just say "clean code" to copilot as a prompt and expect it to remove vulnerabilities. Also co-pilot is just that. It's a tool to be used alongside good programming practices. You can't expect "clean code" to look for sql-injections, or xss exploits. Co-pilot and chat gippity write stuff based on your prompts.

And someone wants to defend someone actually writing this.. then how the fuck do they have job???

It's Microsoft...

Therd😮😮

"I misunderstood what generative AI is and I made a video about it."

ai for coding is like ai for writing papers in college . you can do small segments and itll be fine but it wont work out well if you do large amounts

🇿🇼🖤

yes but is this a really a tech issue? This more of a vulnerability of natural language i think. How chatgpt/copilot is hard coded to not reveal proprietary software and the general nature of code vulnerability - chatgpt will never give the `correct` answer not because its lack of understanding of the coding but more of how to patch a vulnerability without revealing proprietary cyber security method. Ive even had chatgpt explain this to me once when to write a generator that uses python iter and next special methods for file chunking. Chatgpt further get stuck in a loop where it replies with the same answer refusing to use the next or iter method and even explains that even even though next and iter would be more secure but its not allowed to share proprietary technology, 13:53 Paint it in a bad light please. The qualities are not flaws but guardrails and a majority of people don't realize the accumulative affect this will have on the industry as a whole while millions of dollars get invested into this system that intentionally misleads people. AI SAFETY IS DANGEROUS

I was thinking you were going to talk about the BIGGER issue of Copilot stealing code from developers and repurposing and "giving it" to other developers without knowledge of licenses

😃👍

0% of my code is written by AI.

Damn tried to be first! 😂

If you want AI to fix a vulnerability in your code, don't just write "clean this code?". Need to learn to prompt a bit :p

Second

Third

first

There's literally NO difference between copying code examples form stack overflow, which everyone did in the past, and now letting AI do it. Responsibility is still on the hands and mind of the developers. Add some git hooks to run tests on the dev machine and again on a CI pipeline for each pull request to run more sec tests.

Lulz... they hacked Ray and are actively sabotaging you. :D

horrible example. Copilot did exactly what you told it. Your example is flawed from the beginning because taking that sort of input from the user is already suspicious. Like literally.. who would actually write this???

Co-pilot: Guide to what your next turn and speed should be GH CoPilot: No better than the script kiddie copying code expecting something cool to happen

Anyone else get freaked out that it’s software debugging other software that was written by software? I personally would like to have a career in the IT field but it looks like they aren’t gonna need very many humans anymore….

code has more holes than swiss cheese,, script kiddie stuff

use C script kiddie