PRESENTED BY

Cyber AI Chronicle

By Simon Ganiere · 20th October 2024

Welcome back!

Project Overwatch is a cutting-edge newsletter at the intersection of cybersecurity, AI, technology, and resilience, designed to navigate the complexities of our rapidly evolving digital landscape. It delivers insightful analysis and actionable intelligence, empowering you to stay ahead in a world where staying informed is not just an option, but a necessity.

Table of Contents

What I learned this week

TL;DR

  • AI programming assistants are everywhere. From professional solution (like GitHub Copilot) to solution that seems to promise a zero code approach (like bolt.new) there is a lot of new aspect to coding. What does this mean from a security perspective? We will explore this week and the next. We start by going through the basics and the promise of AI programming and next week we will focus on the security aspect and what a CISO should know and what can be done to ensure security is not an afterthought. » READ MORE

  • A must read article from Sequoia Capital about the evolution of GenAI. The article highlights the shift from a “fast thinking” (pre-trained responses) model to a “slow thinking” (reasons at inference time). It also explores the implication of that shift for the AI market and the emergence of a new cohort of agentic applications. » READ MORE

  • The scary world of cyber is still out there. To counter this, here is a short list of some key wins for the week:

    • The Hacker allegedly behind the hack of the FBI, Airbus, National Public Data has been arrested in Brazil » READ MORE

    • In an interesting twist, Russia is prosecuting members of the REvil group. We will see if the charges will stick and if someone is actually being indicated as might be a shift as normally Russia is not going after Russian nationals. » READ MORE

    • The U.S. Department of Justice (DoJ) has announced arrests and charges against several individuals and entities in connection with allegedly manipulating digital asset markets as part of a widespread fraud operation » READ MORE

  • No Chinese researchers have not broken AES encryption using quantum computers. Lots of sensationalism in the news. Don’t read me wrong, it will happen at some point and knowing the complexity to move to quantum safe algorithms it’s probably a good advise to work on this sooner rather than later but that research paper is not creating an immediate threat to existing encryption algorithms » READ MORE

  • On a different note, and if you are like me and like to read about some big engineering projects and challenges, did you know that 99% of the digital communication rely on subsea cables? Impressive but how about repairing those deep sea cables when they break? You can read all about it on the BBC website » READ MORE

What Are AI Programming Assistants?

This is the first in a two-part series on AI programming assistants. In this article, we’ll explore what AI programming assistants are and their impact on development. Next week, I’ll dive into the security implications, what CISOs need to be aware of, and practical steps they can take to ensure secure AI-driven coding practices.

AI programming assistants are reshaping how software is built. By harnessing machine learning, these tools provide developers with real-time support, helping to write code faster and more efficiently than ever before. As organizations increasingly adopt these technologies, it's becoming clear that AI assistants have the potential to transform not only development processes but also how applications are secured.

By analyzing vast datasets of existing code, these assistants can offer real-time code suggestions, fill in missing pieces, and even recommend optimizations. According to a recent survey by Black Duck, over 90% of organizations are now using AI tools in some capacity for software development, signaling a transformative shift in how applications are built and secured.

GitHub Copilot, for example, is trained on millions of code repositories and can predict what a developer is trying to build, providing code completion, generating test cases, and offering debugging assistance. Other popular AI programming assistants include Amazon Q Developer, Tabnine, and Microsoft's IntelliCode, each offering unique features and integrations.

These tools are typically integrated into integrated development environments (IDEs) like Visual Studio Code or JetBrains, making them accessible as part of the developer's workflow. From generating basic functions to complex algorithms, AI programming assistants can speed up the development process, freeing up developers to focus on higher-level problem-solving​.

The Benefits for Developers

AI programming assistants hold tremendous potential for improving the way developers work. From automating repetitive tasks to accelerating onboarding and optimizing code, these tools offer tangible benefits that can enhance productivity and code quality.

  1. Automation of Repetitive Tasks

AI programming assistants excel at automating repetitive coding tasks that traditionally consume a significant portion of a developer's time. This includes tasks such as code formatting, refactoring, and completing frequently used code snippets. By automating these tasks, developers can focus on more complex and creative aspects of their projects​.

For instance, a study by GitHub found that developers reported saving up to 55% of their time on routine coding tasks when using Copilot, allowing them to concentrate on more challenging aspects of software development. The automation is particularly helpful for junior developers, as it ensures consistency in code quality and helps them adopt best practices faster.

  1. Faster Onboarding and Learning

When developers join a new team or project, it often takes time to become familiar with the codebase. AI programming assistants can accelerate this onboarding process by providing clear explanations of unfamiliar code snippets or suggesting alternatives. Developers can query the AI in natural language, asking it to explain certain functions or processes, reducing the time needed to understand the intricacies of a large codebase​.

This functionality extends to learning new programming languages or frameworks. AI assistants can translate code from one language to another, helping developers experiment with unfamiliar technologies without starting from scratch​. For example, an AI assistant could help a Java developer quickly understand and work with Python code, significantly reducing the learning curve.

  1. Code Optimization and Testing

AI assistants not only generate code but also offer real-time suggestions for optimizing code. This can range from improving the efficiency of algorithms to detecting potential bugs during the coding process. Some assistants also generate automated test cases, helping to improve test coverage without requiring developers to manually write tests for every scenario​.

This feature is particularly important in large-scale projects where comprehensive testing is critical to maintaining code quality. However, while AI can generate tests, human oversight is still crucial to ensure the tests are comprehensive and aligned with the project's specific requirements.

The Productivity Debate: Are AI Assistants Really Helping?

While the benefits of AI programming assistants are clear, their actual impact on productivity has sparked debate among developers and industry leaders. Initial hype around these tools has led to high expectations, but real-world results have been more nuanced.

Some studies suggest that these tools increase the speed of development, while others reveal that the productivity gains are more modest than expected. The effectiveness of these tools can vary significantly based on factors such as the developer's experience level, the complexity of the project, and how well the AI assistant is integrated into the existing workflow.

For example, a study examining the use of GitHub Copilot showed that while developers found the tool useful for writing code, its impact on productivity was less significant than anticipated. In fact, for some users, the bug rate actually increased by over 40%​. This suggests that while AI can speed up the coding process, the quality of the generated code may require additional oversight.

A key consideration is how much trust developers should place in AI-generated code. While these tools are good at providing useful suggestions and automating tasks, they aren't perfect. Developers must still apply critical thinking to ensure the generated code meets project-specific requirements. There’s a fine line between boosting productivity and introducing additional risks due to over-reliance on AI-generated code.

Mixed Results on Productivity Gains

Some real-world studies have indicated that while AI tools can reduce the time spent on certain coding tasks, the overall productivity gains may be marginal. A study conducted by Uplevel Data Labs showed that Copilot reduced cycle time by just 1.7 minutes, with no statistically significant improvements in efficiency metrics like PR throughput​. Additionally, the tools did not significantly help with reducing developer burnout, which was one of the anticipated benefits.

The mixed productivity results indicate that the success of AI programming assistants can depend on the type of work developers are engaged in. For repetitive tasks or when working within familiar frameworks, these tools shine. However, in complex, innovative projects that require deep domain knowledge or creativity, the tools may offer less tangible benefits.

It’s worth noting that AI programming assistants are best viewed as complementary tools. While they can accelerate the development process, the quality of AI-generated code often requires oversight to meet security, performance, and project-specific standards.

Security Considerations

While the focus of this article is on productivity and benefits, it's important to briefly touch on the security implications of AI programming assistants. These tools introduce new potential risks, such as the possibility of generating insecure code or inadvertently incorporating vulnerable dependencies. Organizations need to be aware of these risks and implement appropriate safeguards. We'll explore this topic in depth in the next article of this series.

Future Outlook

As AI technology advances, programming assistants will improve in accuracy and capabilities, offering better contextual awareness, understanding of project-specific requirements, and integration with development workflows. They may handle complex tasks like real-time vulnerability detection and code optimization for performance and security. However, the human element in software development remains crucial, with AI enhancing rather than replacing developer capabilities. Organizations must consider how to integrate AI tools effectively, ensuring code quality and security, providing necessary training, and adapting developer roles. The next article will explore the security risks of AI tools and how CISOs can ensure safe usage.

Worth a full read

Generative AI’s Act 01

Generative AI's evolution towards reasoning capabilities signifies a shift to more advanced, agentic applications reshaping market opportunities.

www.sequoiacap.com/article/generative-ais-act-o1

Key Takeaway

  • AI's evolution from rapid responses to reasoning marks a significant technological shift.

  • Developing reasoning capabilities in AI is crucial for solving complex, meaningful problems.

  • Inference-time compute is essential for enabling AI to think and reason effectively.

  • System 2 thinking in AI involves generating possibilities and evaluating outcomes in real-time.

  • The shift to inference clouds will redefine AI's computational landscape and capabilities.

  • Diverse, domain-specific cognitive architectures are necessary for effective AI applications.

  • Service-as-a-software redefines market opportunities by turning labor into software.

  • Agentic applications are expanding markets by reducing service delivery costs.

  • The AI transition provides opportunities for startups in automatable work areas.

  • AI native companies may lead due to their advanced cognitive architectures.

Research Paper

On the Feasibility of Fully AI-automated Vishing Attacks

Summary: The paper explores the potential for AI to automate vishing attacks using a system called ViKing, which employs a Large Language Model (LLM) to conduct phone-based social engineering. Through a controlled experiment with 240 participants, ViKing successfully extracted sensitive information from 52% of participants, demonstrating the feasibility of AI-powered vishing. The study highlights the risks posed by such technology and suggests its use in cybersecurity training. Despite ethical constraints limiting real-world applicability, the findings indicate a need for further research into AI-driven social engineering and defense mechanisms.

Published: 2024-09-20T10:47:09Z

Authors: João Figueiredo, Afonso Carvalho, Daniel Castro, Daniel Gonçalves, Nuno Santos

Organizations: INESC-ID/IST, Universidade de Lisboa

Findings:

  • ViKing extracted sensitive info from 52% of participants.

  • Awareness reduced success rate from 77% to 33%.

  • 68.33% found ViKing credible and trustworthy.

  • 62.92% rated ViKing's realism as comparable to humans.

  • Cost per successful attack estimated between $0.50 and $1.16.

Final Score: Grade: B, Explanation: Strong empirical study but limited real-world applicability due to ethical constraints.

Download Report

Wisdom of the week

Artificial intelligence, deep learning, machine learning — whatever you’re doing if you don’t understand it — learn it. Because otherwise, you’re going to be a dinosaur within three years.

Mark Cuban

Contact

Let me know if you have any feedback or any topics you want me to cover. You can ping me on LinkedIn or on Twitter/X. I’ll do my best to reply promptly!

Thanks! see you next week! Simon

Reply

Avatar

or to participate

Keep Reading

© 2026 Project Overwatch - The views and opinions expressed are my own and not those of any of my current, previous, or future employers..
Report abusePrivacy policyTerms of use
beehiivPowered by beehiiv