What would you do if you found out one of your devs was using generative AI for their code without explicit approval? Would it be a problem?


Director Of Information Technology in Healthcare and Biotech, 1,001 - 5,000 employees
I would shut it down right away, isolated from my net worth and investigate.
VP of IT in Software, 5,001 - 10,000 employees
If it was part of the design it would be okay.
Director of Digital Technology in Media, 11 - 50 employees
I have no issues with it - generative AI for code can help rapidly flesh an idea out - or provide an approach otherwise not considered. Either way it still requires a competent engineer to implement and integrate it. It is not a solution all unto itself.
Director of IT in Education, 5,001 - 10,000 employees
I won’t have an issue, but I would like to know beforehand and want it to be documented and explained.
Senior Director in Healthcare and Biotech, 1,001 - 5,000 employees
I would not have an issue. Generative AIs are making people's lives easier - why should it not for my devs? What I would like to know is how much code was from the AI vs. the dev, and then look at if I need that dev any more :)
Director of IT in Education, 5,001 - 10,000 employees

That Dev might not tell you if he knows that you may eliminate him.

Senior Director in Healthcare and Biotech, 1,001 - 5,000 employees

I would use the same prompts and compare. No need to ask the dev...or else have another dev attempt the same. 

Senior Product Manager in Software, 10,001+ employees
I guess it depends - is the generative AI being used for initial code generation or is the generative AI being used inside the code (either hand-written or AI generated) as part of the product function?

In the case of generative AI being used for initial code generation, I don't think it will be a big problem as long as the same rigorous code review, testing, and QA approval processes have been followed prior to the release of the final product.

In the case where generative AI is used inside the code for providing solutions and/or recommendations, then it will become a big problem - you don't want to incur any liability resulting from the wrong/incomplete/inappropriate answers/solutions your product presented to your customers as the result of using generative AI as part of your final product.

In this case you will want to do a thorough review on the potential benefits and damages of incorporating generative AI into your code before releasing your final product.
Director in Manufacturing, 1,001 - 5,000 employees
It depends… We have development teams that create externally sold software products, some of which have life safety considerations. We would not want to risk additional hacker access. This would be a problem.

For internal applications without external access I’d be less concerned but would correct the employee and seek approval going forward.
Director, AI Center of Excellence in Finance (non-banking), 10,001+ employees
I would welcome it especially if it helps get to a working solution quicker. Making an assumption that you have controls in place to ensure no cyber security measures were being bypassed and you have a peer code review process in place.
