Comment by Joof

4 days ago

Isn't that the point of agents?

Assume we have excellent test coverage -- the AI can write the code and get the feedback on whether it is secure / fast / etc.

And the AI can help us write the damn tests!

No, it can’t. This partially stems from the garbage the models were trained on.

Anecdotal example, but since we started having our devs heavily use agents we’ve had a resurgence of mostly dead vulnerabilities such as RCEs (a CVE from 2019, for example) as well as a plethora of injection issues.

When asked how these made it in, devs are responding with “I asked the LLM and it said it was secure. I even typed MAKE IT SECURE!”

If you don’t understand something well enough, then you don’t know enough to call BS. In cases like this it doesn’t matter how many times the agent iterates.

  • To add to this: I’ve never been gaslighted more convincingly than by an LLM, ever. The arguments they make look so convincing. They can even naturally address specific questions and counter-arguments, while being completely wrong. This is particularly bad with security and crypto, which generally isn’t verified through testing (which only proves the presence of function, not the absence).

I saw Rich Hickey say this: it is a known fact that tested code never has bugs.

On a more serious note: how could anyone possibly ever write meaningful tests without a deep understanding of the code that is being written?