TrendMicro

AI Coding Companions 2024: AWS, GitHub, Tabnine + More

AI coding companions have evolved by leaps and bounds since coming on the scene less than two years ago. While developers have long relied on machine intelligence for automation, code completion, low-code development, static code analysis, and the like, generative AI is delivering on its promise to help them do more, faster, and better.

Today’s leading tools have evolved at high speed from relatively simple code suggesters and checkers into sophisticated, multi-featured software development platforms. Some, like CodeWP (for WordPress), Android Studio Bot, and SQLAI, are highly specialized. Others have broader applications. Not a few have already undergone rebranding and consolidations: the former Amazon CodeWhisperer has been folded into the Amazon Q AI suite as Amazon Q Developer; Google Bard is now Gemini.

A look at a few of the widely recognized top AI coding companions gives a sense of just how powerful these applications have become.

AWS versus GitHub versus Tabnine: Who does what?

Amazon Q Developer

Amazon Q is defined as “the AWS generative AI-powered assistant”, with five distinct products: Amazon Q Business, Amazon QuickSight, Amazon Connect, AWS Supply Chain, and Amazon Q Developer, a coding companion trained on 17 years of AWS data.

Amazon Q Developer is designed to help build, test, upgrade and troubleshoot applications in AWS. As a chatbot, it can answer a vast range of questions about AWS and help manage an enterprise’s specific AWS resources in response to natural language prompts. For coding, it can generate snippets or complete functions—again, working from natural language inputs and existing code.

Amazon Q Developer also includes autonomous agents that execute complex tasks associated with new feature implementation, documentation and more.

Languages: Python, Java, JavaScript, TypeScript, C#, Go, Rust, PHP, Kotlin, C, C++, SQL, and more.

Integrated Development Environments (IDEs): JetBrains, IntelliJ IDEA, Visual Studio, VS Code, and more.

GitHub Copilot

GitHub touts itself as “the world’s leading AI-powered developer platform,” with features for spinning up cloud dev environments, searching code repositories, reviewing code, and more. Its AI coding companion, GitHub Copilot, is a key piece of that mix. It answers general coding questions or gets specific about a particular codebase in natural language, and it suggests code completions as developers type to speed up the process. It can suggest lines of code and full functions, interpret code, and check for vulnerabilities in code—blocking “insecure patterns” in real time.

The underlying generative AI model is a collaborative product of GitHub, OpenAI, and Microsoft, and its training is based on languages in public repositories.

Languages supported: Several languages and frameworks; especially well suited to Python, JavaScript, TypeScript, Ruby, Go, C#, and C++.

IDEs supported: Visual Studio and Visual Studio Code, Vim, Neovim, JetBrains IDEs, and Azure Data Studio.

Tabnine

Tabnine promises AI coding assistance that’s private, personalized, and protected—putting a stake in the ground where security and customization are concerned. It promises context-aware coding support tailored to each organization and project, with the ability to generate high-quality code automatically from natural-language prompts, and to create custom models.

Tabnine’s chat function extends across the full software development lifecycle and offers code explanations, testing, bug-fixing, and documentation generation functionality, all with the goal of speeding up the development process.

On the privacy and security front, Tabnine says it does not train its models on customers’ code (though organizations can train on their own codebase to build custom models if they want) and never stores or shares code without permission. Because Tabnine is trained only on “permissively licensed code,” it offers built-in protection against IP-related liabilities.

Languages supported: More than 25 languages and frameworks including Java, C++, SQL, Python, Rust.

IDEs supported: VS Code, IntelliJ, Visual Studio, Eclipse, Android Studio, AppCode, CLion, GoLand, Neovim, PhpStorm, PyCharm, Rider, RubyMine, WebStorm.

When to use which AI coding companion?

The three AI coding companions profiled here cover a broad range of activities, languages, and environments. Choosing among them may come down to a dev team’s subjective preferences and where the software is ultimately going to be deployed. Amazon Q Developer is built for the AWS environment while GitHub’s relationship with Microsoft and OpenAI makes Copilot a natural fit for applications destined to run in Azure. Tabnine is broadly flexible and has been said to be “especially suited for tech-savvy enterprise teams.”

In all cases, one question comes up consistently across blogs, web searches, and message board threads: “Are these tools safe and secure?”

Using AI securely for coding

Security experts have long cautioned that AI could be used to generate highly effective—and destructive—malicious code. But AI security isn’t just about defending against new vulnerabilities and attack types. Bad code is also a concern: code that doesn’t work, has unintended consequences, or inadvertently exposes private information.

Coding companion providers are aware of the risks. “Responsible AI” is the new catchphrase—meaning “use it wisely”. The crucial takeaway here is that software developers and the companies they work for have a proactive role to play in defending against AI coding risks. Best practices strongly recommended by Trend Micro and cybersecurity analyst firms like Gartner include:

  • Reviewing and security-testing all AI-generated code
  • Treating any AI-generated code as potentially vulnerable
  • Not relying exclusively on AI for coding

While all of the AI coding companion providers we looked at have security and data protection policies, it’s the use of their tools that can create vulnerabilities. That makes it incumbent on developers to be aware of the risks, and for corporate policies to mitigate them.

The upshot

Software developers have lots to gain from adopting AI coding companions. The ability to automate repetitive tasks, to optimize code with machine learning, to quickly find and correct errors, and to speed up coding overall are undeniably “wins”. They free up more time for developers to bring creativity to their work, add user value, and focus on business logic.

It seems reasonable to expect these tools will become more advanced, secure, and reliable over time. But it’s a long time off, if ever, that AI will take over the hard parts of coding, the ones that require imagination, inspiration, and expert judgment.

For now—and maybe for always—that part still falls to people, to the developers. And related to that, it is people who need to bring a responsible, security-minded approach to keep enterprises, their customers, and partners safe and secure wherever AI is used.
