What news from AWS re:Invent last week will have the most impact on you?
Amazon Q, an AI chatbot for explaining how AWS works.
Super-fast S3 Express storage.
New Graviton 4 processor instances.
Emily Freeman leaving AWS.
I don't use AWS, so none of this will affect me.
AI / Large Language Models / Software Development

10 Pitfalls to Keep in Mind with AI Software Development

Mitigating code quality risks requires careful code review, extensive testing and a balance between automated assistance and human intervention.
Oct 20th, 2023 11:42am by
Featued image for: 10 Pitfalls to Keep in Mind with AI Software Development
Image from hobby kaak on Shutterstock.

Incorporating AI into the software development life cycle (SDLC) has its benefits, such as enabling developers to work more efficiently. In fact, research from GitHub has shown that developers can complete tasks more than 50% faster using an AI tool.

Large language models (LLMs), such as GPT-4 and generative AI, have demonstrated their proficiency in natural language understanding and text generation. They also can generate code snippets, functions or even entire programs based on textual inputs or high-level requirements.

This capability has significant implications for software development, as it can expedite coding tasks and open doors to faster development of innovative solutions. ​​Furthermore, this implies that a substantial portion of future code will be generated using LLMs, leading to an exponential acceleration in application development speed.

That said, I don’t see AI displacing developers. Conversely, I believe the need will only grow for human skills with the emergence of AI in our development world. I see a future state where developers have more bandwidth to tackle more complex tasks and can shift most of their focus to projects they’re excited about. The ripple effect of using AI to improve productivity also will be to improve the work atmosphere and curb burnout.

However, there is a trade-off. While code generated by LLMs helps developers get started quickly and enables companies to build applications faster, it comes with significant risks. LLMs can sometimes generate information that is factually incorrect, misleading or even fictional. This phenomenon is known as “hallucination.”

LLMs are trained on vast datasets that can quickly become outdated. As a result, they may not have access to the most current information or may perpetuate outdated information. It’s important to make sure that the code snippet proposed by an AI tool is secure and that it is clean in the context of the entire codebase.

Here are 10 AI software development pitfalls that should be kept top of mind:

  1. Quality and reliability: Code developed with AI may contain errors, bugs or inefficiencies due to the model’s lack of real-time testing and validation. AI models generate code based on patterns, examples and training data. However, they do not possess real-time feedback mechanisms to validate the correctness or efficiency of the generated code as a human developer would during the coding process. In addition, static code analysis is required on generated code to provide critical oversight, identify bugs and vulnerabilities, and optimize code for efficiency and maintainability.
  2. Security vulnerabilities: One significant concern associated with the use of LLMs in code generation is the potential for these models to inadvertently produce code with security vulnerabilities. These vulnerabilities can render applications and systems susceptible to hacking, breaches and other security threats. To prevent this, LLM-generated code should be tested using static application security testing (SAST) to identify and remediate vulnerabilities before the code is deployed in production.
  3. Lacking context: The code generated by AI might lack a deep understanding of the project’s context and requirements, leading to inappropriate or incorrect solutions. While AI models can understand context to some extent, they may not fully grasp the nuanced and domain-specific requirements of a particular project. This can lead to code that technically works but does not align with the project’s unique goals or user experience requirements.
  4. Maintainability: In striving to fulfill the developer’s request or meet the required functionality, generative AI may produce code that exhibits unnecessary complexity. This over-engineering can lead to unnecessary abstractions, excessive layers of code, lack of modularity or overly intricate logic. Complex and convoluted code structures could make future maintenance, debugging and maintainability challenging.
  5. Risk of technical debt: Technical debt refers to the future costs of rework or maintenance that arise from prioritizing speed and quick fixes over code quality. Generative AI models often prioritize generating syntactically correct code that is not necessarily optimized for quality, efficiency or maintainability. This can lead to code that is harder to understand, modify or extend, resulting in increased technical debt.
  6. Dependency issues: AI-developed code may rely on external libraries or dependencies without thorough consideration, leading to compatibility issues. Generative AI models may lack a comprehensive understanding of external libraries and dependencies. When generating code, they might incorporate libraries that serve the immediate purpose without considering the long-term implications. They could also generate code relying on specific versions of libraries or dependencies available at the time of generation. As these libraries evolve and undergo updates or deprecation, compatibility issues may arise with the generated code. This can lead to runtime errors or unexpected behavior.
  7. Ethics and legal concerns: While the achievements of generative AI are unquestionably impressive, it is a double-edged sword. In addition to unprecedented advancements in productivity and precision across various industries, it introduces a spectrum of ethical and legal concerns. Generated code may inadvertently resemble existing code, raising concerns about plagiarism or copyright infringement.
  8. Absence of creativity: A big constraint of generative AI code creation is its potential to lack innovative solutions and creativity compared to that which human developers can provide. While generative AI models, such as GPT-3.5, perform well in understanding patterns, syntax and common coding practices, they may encounter difficulty with creative problem-solving.
  9. Inefficient: The generated code might be inefficient and not optimized in terms of memory usage, processing speed or other resource consumption metrics. Generative AI models primarily focus on generating syntactically correct code that accomplishes a given task. However, they may not possess the capability to optimize code for resource efficiency, such as memory usage, processing speed or network bandwidth. This limitation arises from their training data, which may not prioritize optimization.
  10. Compliance and regulations: AI-generated code, presents the risk of not fully adhering to industry standards, regulatory requirements or coding conventions. Code generated by AI may not inherently incorporate industry-specific compliance requirements, putting organizations at risk of regulatory violations. Some coding standards encompass accessibility and inclusivity requirements, ensuring that software is usable and accessible by individuals with disabilities. AI-generated code may not prioritize these considerations, potentially excluding users and violating accessibility regulations.

Ensure AI-Developed Code Is Production Ready with Clean Code 

As mentioned above, generative AI code-development tools are a powerful assistant to developers that help enhance their productivity, but it’s crucial to acknowledge that while the allure of auto-generated code is undeniable, it is not inherently software development and production ready.

When LLMs generate code, there’s a risk that the resulting code might prioritize immediate functionality over long-term maintainability, readability and scalability. Mitigating these code quality risks requires careful code review, extensive testing, refining the generated code and maintaining a balance between automated assistance and human intervention in the development process.

By ensuring AI-generated software development is clean — consistent, intentional, adaptable and responsible — organizations can minimize risk, reduce technical debt and derive more value from their software in a predictable and sustainable way. Clean Code solutions will offer developers the insurance they need to be confident that their AI-generated code is of quality.

Having a Clean Code approach is now more important than ever to strike a balance between the speed of generating code and the quality of the generated code and, in turn, maintain a healthy software-development process.

Group Created with Sketch.
TNS owner Insight Partners is an investor in: Pragma, SonarSource.
THE NEW STACK UPDATE A newsletter digest of the week’s most important stories & analyses.