Meta has developed a generative AI tool for coding called CodeCompose, which is similar to GitHub’s Copilot. It is not yet available to the public, but Meta says that its teams use it internally to get code suggestions for Python and other languages as they type in IDEs like VS Code. CodeCompose has the potential to be a valuable tool for developers, but it is important to be aware of the potential risks, such as security vulnerabilities, copyright infringement, and bias.
Meta has developed a generative AI tool for coding called CodeCompose. It is similar to GitHub’s Copilot, but it is not yet available to the public. Meta says that its teams use CodeCompose internally to get code suggestions for Python and other languages as they type in IDEs like VS Code.
CodeCompose is built on top of public research from Meta that has been tuned for the company’s internal use cases and codebases. It can make suggestions like annotations and import statements as a user types, and it can complete single lines of code or multiple lines, optionally filling in large chunks of code.
Meta claims that thousands of its employees are accepting suggestions from CodeCompose every week and that the acceptance rate is over 20%. However, the company did not address the controversies around code-generating AI.
Microsoft, GitHub, and OpenAI are being sued in a class action lawsuit that accuses them of violating copyright law by allowing Copilot to regurgitate sections of licensed code without providing credit. Liability aside, some legal experts have suggested that AI like Copilot could put companies at risk if they were to unwittingly incorporate copyrighted suggestions from the tool into their production software.
It is unclear whether CodeCompose, too, was trained on licensed or copyrighted code — even accidentally. When reached for comment, a Meta spokesperson said:
The AI research branch of Meta released InCoder, which was used to train CodeCompose. In a paper detailing InCoder, we note that, to train InCoder, ‘We collect a corpus of (1) public code with permissive, non-copyleft, open source licenses from GitHub and GitLab and (2) StackOverflow questions, answers, and comments.’ The only additional training we do for CodeCompose is on Meta’s internal code.
Generative coding tools can also introduce insecure code. According to a recent study by Stanford, software engineers who use code-generating AI systems are more likely to cause security vulnerabilities in the apps they develop. While the study didn’t look at CodeCompose specifically, it stands to reason that developers who use it would fall victim to the same.
Bolin stressed that developers don’t need to follow CodeCompose’s suggestions and that security was a “major consideration” in creating the model. “We are extremely excited with our progress on CodeCompose to date, and we believe that our developers are best served by bringing this work in-house,” he added.
Here are some of the potential benefits of using CodeCompose:
- Increased productivity: CodeCompose can help developers save time by generating code suggestions. This can be especially helpful for repetitive tasks or tasks that require a lot of coding knowledge.
- Improved accuracy: CodeCompose can help developers write more accurate code by suggesting code that is consistent with the surrounding code. This can help reduce the risk of errors.
- Increased creativity: CodeCompose can help developers come up with new ideas for code by suggesting different ways to solve problems. This can help improve the overall quality of the code.
However, there are also some potential risks associated with using CodeCompose:
- Security vulnerabilities: CodeCompose could introduce security vulnerabilities into code if it is not used carefully. Developers need to be aware of the potential risks and take steps to mitigate them.
- Copyright infringement: CodeCompose could be used to infringe on copyrights if it is not used carefully. Developers need to be aware of the potential risks and take steps to avoid them.
- Bias: CodeCompose could be biased in its suggestions if it is not trained on a diverse dataset. Developers need to be aware of the potential risks and take steps to mitigate them.
Overall, CodeCompose has the potential to be a valuable tool for developers. However, it is important to be aware of the potential risks and take steps to mitigate them.