ANSSI and BSI publish their security recommendations regarding AI programming assistants.

This document – jointly put forward by the Agence Nationale de la Sécurité des Systèmes d’Information (ANSSI) and the Bundesamt für Sicherheit in der Informationstechnik (BSI) – issues recommendations for the secure usage of AI programming assistants.

Published on 04 October 2024. Updated on 04 October 2024.

As AI usage continues to intensify, the use of AI programming assistants has already spread to numerous public and private entities. These tools are being employed at different stages of the software development process – primarily to generate source code, to help developers familiarise themselves with the source code of new projects, or to generate tests and documentation. The use of such assistants is bound to become increasingly widespread and, therefore, increasingly essential to the development of software.

Though the use of such tools can prove advantageous, it may also introduce new security challenges which will need to be met with caution. In a document drafted entirely in English, ANSSI and BSI present the opportunities and challenges associated with the use of AI programming assistants, including the risks posed by shared services accessible via the internet. This document is intended to promote the responsible and secure usage of these tools, and issues a series of security recommendations for decision-makers and developers.

This joint publication by BSI and ANSSI is part of a series of projects undertaken by both entities on the topic of AI. Last spring, ANSSI published its recommendations on the security of generative AI systems ("Recommandations_de_sécurité_pour_un_système_d_IA_générative.pdf", cyber.gouv.fr), now also available in English ("Security recommendations for a generative AI system | ANSSI", cyber.gouv.fr). BSI, for its part, conducted a recently updated study on the challenges and opportunities associated with LLMs (Large Language Models): "Generative AI Models: Opportunities and Risks for Industry and Authorities" (bund.de).