by daft_pink 752 days ago
From reading this, my sense is that the poisoning attack is happening above our level and as a coder, I would consider it the LLM provider’s job to guard against this sort of attack.

The headline made me think this sort of attack involved someone poisoning via something sent through the api, but how can I possibly concern myself with the training data that the AI which I use uses?

I generally read and understand the suggestions made by the code editor, so I’m not too worried that the autosuggestions are poisoned, but I mostly feel like there’s nothing I can do about it.

1 comments

> the poisoning attack is happening above our level...I would consider it the LLM provider’s job to guard against this...I mostly feel like there’s nothing I can do about it.

But that's the whole point of the article: blindly trusting the tool without evaluating the code for correctness and safety.

I think the comment means, "I can't evaluate whether the code is safe" – not, "I just don't want to." And my whole point is, that's not true. :-)

Software engineers can evaluate AI-generated code. If the complexity is too difficult for an engineer, they should get the assistance of a colleague, work on another feature, or disable the AI tool altogether.

I guess that I just don’t understand the article? I’m pretty sure everyone is evaluating the code coming out of these systems for correctness and safety.

I’m constantly correcting the things that come out of Copilot, and it’s not possible to use these types of devices without that.

It just allows me to autocorrect and write faster and guesses which functions I’m about to type, but I don’t think it’s possible to write code with these tools at this point without having any understanding of the code that is coming out of it and not reading that code. The code that comes out of that just won’t work.