Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Let’s take the security aspect one step farther: could a bad actor introduce popular code into copilot, which is full of subtle back-doors? Asking for a befriended state actor.


Why would you need a bad actor introducing a bug when Copilot already generates code that is indistinguishable from buggy (and possible backdoored) stuff? It scraped random stuff on Github and was trained on it, nobody knows what the quality or content of that training set was.


Given our experience with Stack Overflow we probably know the answer to that question.


Why not put copilot code into a SAST tool as a training layer?




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: