AI code assistants speed up development but add to risks

New research from Apiiro shows that while AI code assistants are accelerating development times they're also increasing risks.

AI code assistants have seen rapid adoption since the launch of ChatGPT in November 2022. Microsoft reports that more than 150 million developers now use GitHub Copilot, up 50 percent over the past two years.

Apiiro's data shows that since Q3 2022, the number of pull requests (PRs) has surged by 70 percent, far outpacing the 30 percent growth in repositories and the 20 percent increase in developers. This surge in pull requests points to the significant impact of generative AI, enabling
developers to produce more code at a faster pace.

The number of APIs in development that expose sensitive data is rising alongside the growth in repositories. Apiiro's Material Code Change Detection Engine, which scans each commit in real-time, detected a threefold increase in repositories containing personally identifiable information (PII) and payment data since Q2 2023.

It also detected a 10 times surge in repositories containing APIs with missing authorization and input validation over the past year.

Itay Nussbaum, product manager at Apiiro, writes on the company's blog, "The rise of GenAI code assistants like GitHub Copilot has dramatically increased code creation velocity in the past two years, even as the number of developers has remained steady. However, this acceleration comes with significant security risks: a 3X surge in repositories containing PII and payment data, a 10X increase in APIs missing authorization and input validation, and a growing number of exposed sensitive API endpoints. As AI-generated code scales, so do application security risks, underscoring the need for stronger risk detection and governance."

You can read more on the Apiiro blog.

Image credit: meshcube/depositphotos.com