Daffodil International University
Faculty of Science and Information Technology => Game Design => MCT => Programming. => Topic started by: S. M. Monowar Kayser on April 15, 2026, 12:55:39 AM
-
Perhaps the most serious limitation of AI-assisted programming is that fluent code generation can mask insecurity, hallucination, and misplaced developer trust, making reliability the defining research problem of the field. Pearce et al. (2022) provided one of the earliest systematic warnings by showing that GitHub Copilot generated vulnerable code in roughly 40% of evaluated scenarios across high-risk cybersecurity weakness categories, and later work has broadened the concern from vulnerability injection to the wider phenomenon of code hallucination. Agarwal et al. (2024), for instance, introduced CodeMirage and argued that LLM-generated code can fail not only syntactically or logically but also through robustness bugs, memory issues, and security-relevant misconceptions that appear plausible to human readers. Traditional programming tools do not eliminate defects, but they at least fail in interpretable ways: compilers reject malformed programs, type systems flag inconsistencies, and static analyzers expose explicit warning traces. By contrast, large language models often generate incorrect code with rhetorical confidence, which shifts the burden of verification back onto developers while simultaneously encouraging overtrust through polished explanations and syntactically correct output. This asymmetry creates a core research gap in calibrated software generation: the field still lacks robust mechanisms for abstention, self-checking, provenance tracing, and security-aware reward modeling that would let a model distinguish between what it knows and what it is merely pattern-matching. Future research should move beyond pass@k-style metrics toward secure-by-construction copilots that combine generation with static analysis, unit-test synthesis, taint tracking, and explicit uncertainty signals. In the long run, the practical value of AI programming systems will depend less on their ability to write more code and more on their ability to know when not to write it, or when to require stronger evidence before a suggestion is trusted in production (Pearce et al., 2022; Agarwal et al., 2024; Bistarelli et al., 2025).
References
1. Pearce, H., Ahmad, B., Tan, B., Dolan-Gavitt, B., & Karri, R. (2022). Asleep at the keyboard? Assessing the security of GitHub Copilot's code contributions. In Proceedings of the 2022 IEEE Symposium on Security and Privacy.
2. Agarwal, V., Pei, Y., Alamir, S., & Liu, X. (2024). CodeMirage: Hallucinations in code generated by large language models. arXiv preprint arXiv:2408.08333.
3. Bistarelli, S., Fiore, M., Mercanti, I., & Mongiello, M. (2025). Usage of large language model for code generation tasks: A review. SN Computer Science, 6, 673.
S. M. Monowar Kayser
Lecturer, Department of Multimedia & Creative Technology (MCT)
Faculty of Science & Information Technology
Daffodil International University (DIU)
Daffodil Smart City, Savar, Dhaka, Bangladesh
Visit: https://monowarkayser.com/ (https://monowarkayser.com/)