I don’t care if the solution is AI based or not, indeed.
I guess I thought it like that because AI is quite fit for the task of understanding what might be the purpose of code in a few seconds/minutes without you having to review it. I don’t know how some non-AI tool could be better for such task.
Edit: so many people against the idea. Have you guys used GitHub Copilot? It understands the context of your repo to help you write the next thing… Right? Well, what if you apply the same idea to simply review for malicious/unexpected behaviour on third party repos? Doesn’t seem too weird for me.
Don’t listen to the idiots downvoting you. This is absolutely a good task for AI. I suspect current AI isn’t quite clever enough to detect this sort of thing reliably unless it is very blatant malicious code, but a lot of malicious code is fairly blatant if you have the time to actually read an entire codebase in detail, which of course AI can do and humans can’t.
For example the extra . that disabled a test in xz? I think current AI would easily be capable of highlighting it as wrong. It probably wouldn’t be able to figure out that it was malicious rather than a mistake yet though.
I don’t care if the solution is AI based or not, indeed.
I guess I thought it like that because AI is quite fit for the task of understanding what might be the purpose of code in a few seconds/minutes without you having to review it. I don’t know how some non-AI tool could be better for such task.
Edit: so many people against the idea. Have you guys used GitHub Copilot? It understands the context of your repo to help you write the next thing… Right? Well, what if you apply the same idea to simply review for malicious/unexpected behaviour on third party repos? Doesn’t seem too weird for me.
EXTREMELY LOUD INCORRECT BUZZER
Don’t listen to the idiots downvoting you. This is absolutely a good task for AI. I suspect current AI isn’t quite clever enough to detect this sort of thing reliably unless it is very blatant malicious code, but a lot of malicious code is fairly blatant if you have the time to actually read an entire codebase in detail, which of course AI can do and humans can’t.
For example the extra
.that disabled a test in xz? I think current AI would easily be capable of highlighting it as wrong. It probably wouldn’t be able to figure out that it was malicious rather than a mistake yet though.