[mbesto]

> activated by anybody but the driver.

Except this is precisely what the abstract is saying is a misuse of the system. You have the option to give the driver the control.

> Ideally, Copilot should be paired with appropriate security-aware tooling during both training and generation to minimize the risk of introducing security vulnerabilities.

You're oversimplifying by assuming the purpose of CoPilot is to write a whole block of text from generated code. CodePilot is a 80/20 thing when every developer on HN is pedantically assuming its a 100/0 one.

[eropple]

> [Copilot] is a 80/20 thing when every developer on HN is pedantically assuming its a 100/0 one.

Tesla has 80% of a self-driving solution and runs into parked cars.

I don't think it's "pedantic" to realize that 80% is enough that low-information users are going to assume it's 100%. And that low-information users are the ones who will flock to a tool like this. (I won't, because after trying Copilot out, I realized that checking the code generally takes about as long as writing it.)

[mbesto]

> Tesla has 80% of a self-driving solution and runs into parked cars.

Weird take, not sure how thats relevant at all, but okay.

> And that low-information users are the ones who will flock to a tool like this.

Developers are notoriously not low-information users. As someone else pointed out:

> If you have devs who don't know how to write secure code, and/or you don't have security engineering support (internal or outsourced), you were already failing (or probably more apropos, walking the tight rope without a net).

So devs with limited security experience are going to continue to developer code that doesn't conform to security standards. CoPilot neither makes this better nor makes it worse. In fact, that's exactly the problem AI - it simply mimics real humans. (see -> Amazon's attempts at using AI for hiring and the resulting bias)

CoPilot is for the people who google StackOverflow answers without having to search on StackOverflow.