AI Coding Assistants

As the use of AI continues to grow at a rapid pace, AI-based coding assistants are already widely used in many public and private organisations. These tools are employed at various stages of the software development process – primarily to generate source code, help developers familiarise themselves with the source code of new projects, or generate tests and documentation. The use of these assistants is set to increase in the future, making these tools an indispensable part of software development.

Whilst they offer clear advantages, these products can also introduce new security risks and must necessarily be approached with caution. In this context, ANSSI and the BSI present, in a document written in English, the opportunities and risks associated with the use of AI-based programming assistants, particularly the risks linked to shared services accessible via the internet. The document aims to contribute to the responsible and secure use of these tools and offers a series of security recommendations for managers and developers.

This joint publication by the BSI and ANSSI forms part of a series of initiatives undertaken by each organisation in the field of AI. Last spring, ANSSI published its security recommendations for generative AI systems, now available in English as ‘Security recommendations for a generative AI system’. For its part, the BSI has produced a (Opens a new window) study on the risks and opportunities of LLMs (Large Language Models), which has recently been updated.