Security
youtube
This talk was recorded at NDC Manchester in Manchester, England.
#ndcmanchester #ndcconferences #developer #softwaredeveloper
Attend the next NDC conference near you:
Subscribe to our YouTube channel and learn every day:
/ @NDC
Follow our Social Media!
#applicationsecurity #ai #ml #machinelearning
Pressure to ship features and gaps in secure coding knowledge are driving developers to lean on generative AI for security patches. But is this actually improving software security, or merely masking knowledge gaps?
This presentation is based on a research experiment where we systematically reviewed 400+ AI‑generated patches for real‑world vulnerabilities. We looked to answer two key questions:
1. Do AI‑generated patches actually fix the vulnerabilities?
2. Do developers learn from AI‑generated patches?
Our findings show a significant drop in remediation accuracy when developers rely solely on AI suggestions. A large number of participants could not explain how the AI‑generated patch addressed the issue.
Rather than serving as a mentor, current AI assistance risks over‑reliance, leading to a superficial understanding of vulnerabilities and passive consumption. Our findings is inline with other related research that shows a considerable drop in learning when humans rely on auto-suggestion tools.
This presentation is filled with real-world examples and data from a secure coding contest. We will discuss the implications of these findings for software
|
2026/02/03
youtube
