Cyber Security

GitHub on Tuesday launched a technical preview of a new AI-powered pair programming tool that aims to help software developers write better code across a variety of programming languages, including Python, JavaScript, TypeScript, Ruby, and Go.

Copilot, as the code synthesizer is called, has been developed in collaboration with OpenAI, and leverages Codex, a new AI system that’s trained on publicly available source code and natural language with the goal of translating comments and code written by a user into auto-generated code snippets.

“GitHub Copilot draws context from the code you’re working on, suggesting whole lines or entire functions,” GitHub CEO Nat Friedman said in a blog post. “It helps you quickly discover alternative ways to solve problems, write tests, and explore new APIs without having to tediously tailor a search for answers on the internet.”

Despite its function as an AI-based autocomplete for writing boilerplate code, the Microsoft-owned software repository hosting and version control platform reiterated that Copilot is not designed to write code on behalf of the developer, while noting that users can cycle through alternative suggestions and manually edit suggested code.

Given that the code suggestions are based on a selection of English language and source code from publicly available sources, including code in public repositories on GitHub, the company explicitly spelled out the security consequences that may arise out of relying on low-quality code from the training set, leading to “insecure coding patterns, bugs, or references to outdated APIs or idioms.”

In other words, the code suggested by GitHub Copilot “should be carefully tested, reviewed, and vetted, like any other code.”

However, if it’s any consolation, the code generated by Copilot is largely unique, with a test performed by GitHub finding that only 0.1% of generated code could be found verbatim in the training set. The company also said it has filters in place to block offensive words and avoid generating suggestions in sensitive contexts.

GitHub Copilot is currently available as an extension for Microsoft’s cross-platform code editor Visual Studio Code, both locally on the machine or in the cloud on GitHub Codespaces.