GitHub Copilot - The Controversy

Since the launch of Copilot's Technical Preview, questions have been asked regarding the tool's accuracy, privacy and ability to generate useful code. So what's the controversy all about?

What It Is

First announced on the 29th of June 2021, Copilot claims to be "your AI pair programmer" - an artificial intelligence based tool which can autocomplete code to the next level. But this isn't just your ordinary VS Code extension for autocompletion - this tool can generate a number of lines of code (I've personally seen it generate about 30 whole lines of code) relevant to the project that you're working on! It's certainly impressive, saving time for so many developers across the world, especially when having to generate boilerplate code.

Essentially, it's a Visual Studio Code Extension - you can download it right now, but you'll have to register here in order to activate your technical preview. It was developed by GitHub and OpenAI for VS Code, Neovim and JetBrains users. In layman terms, the tool is basically a powerful code prediction engine using the OpenAI Codex, trained on (literally) billions of lines of open source code.

On a surface level, it seems to be extremely efficient and time-saving, so what is all the controversy about?

What's happening under the hood?

As mentioned above, the prediction engine has been trained on billions of lines of code spanning across multiple high quality repositories on GitHub, making it effective for code completion, be it a few lines of code or even whole functions. Codex is an improvement on OpenAI's Generative Pre-trained Transformer 3 (GPT-3) machine language model that uses deep learning to produce human-like text.

A lot of the controversy surrounding GitHub copilot has been regarding the fact that maybe it could replace human developers. And although this might sound appealing, the fact that it may introduce security vulnerabilities is certainly something to watch out for. In fact, a research paper titled "An Empirical Cybersecurity evaluation of GitHub Copilots Code Contributions" found that, upon testing 1692 programs generated in 89 different code completion scenarios, 40% of them contained security vulnerabilities. Some of these vulnerabilities included outdated code, or code with a lot of bugs, or even code that could easily be exploited and manipulated.

Are developers at a risk of losing their jobs?

The concept of Artificial Intelligence (or should I say, superintelligence) taking over the world and ultimately replacing humans has been around for quite a few decades, and authors and directors have never missed the opportunity to portray AI as some evil which will end up turning against its creators and wrecking havoc in the world.

Many users and developers have raised concerns against Copilot and whether they are at a risk of losing their job. The fact is, the tool is only as efficient as the training examples it has been given to train on (i.e. millions of repositories). It can't exactly (as of now) make up novel solutions for new programming problems, it's simply good at generating and predicting what you want to do in your project. The advantages? It could help onboard users to new codebases, reduce context switching for experienced coders, and aid in education and exploration. It's no doubt that next-generation 'auto-complete' tools like Copilot will increase the productivity of software developers.

What's in store for the future?

Although Copilot is excellent at code predictions, developers have to remain vigilant while using the tool. While Copilot will improve over the years, currently it should be used with appropriate security checks and tests, to minimize the risk of security vulnerabilities. It should not be used as a substitute for learning how to code, as autocompletion simplifies the learning process to an extent where budding developers may not really understand the code that has been generated. Instead, as of now, it can be effectively used for generating long, mundane boilerplate code for your next project and possibly other pieces of code that require a good deal of autocompletion with the appropriate security measures. Happy Coding!

You can find me on LinkedIn here