Amazon’s ecommerce business has summoned a large group of engineers to a meeting on Tuesday for a “deep dive” into a spate of outages, including incidents tied to the use of AI coding tools.

The online retail giant said there had been a “trend of incidents” in recent months, characterized by a “high blast radius” and “Gen-AI assisted changes” among other factors, according to a briefing note for the meeting seen by the FT.

Under “contributing factors” the note included “novel GenAI usage for which best practices and safeguards are not yet fully established.”

  • Mirror Giraffe@piefed.social
    1 day ago

    I’ve been writing a slightly larger project with frontend, bff and backend and I need to take it in small batches so that I can catch when it misunderstands or outright does a piss job of implementing something. I’ve been focusing a lot on getting all the unit tests I need in place which makes me feel a bunch better.

    The bigger and more complex the projects get, the harder it is for the LLM to keep stuff in context which means I’ll have to improve my chunking out smaller scoped implementations or start writing code myself I think.

    All in all I feel pretty safe with my project and pleased with the agent’s work but I need to increase testing further before bringing anything live.

    • 🌞 Alexander Daychilde 🌞@lemmy.world
      17 hours ago

      Security testing will be the most important.

      I’ve done a couple of tiny projects that I didn’t feel like coding. So far, I have not been terribly impressed. Well, it is impressive that it can make something functional at all, and in one case, what it made was fine enough to use as the temporary project it was intended (sharing Christmas music with friends/family - reading files from a directory and writing a JavaScript player to play them in a shuffled order).

      In the other case, replicating a simple text-based old DOS game with simple rules (think a space-based game around the complexity of checkers or so), it failed to think of so many things that while it did what I told it for the most part, it wasn’t a playable game. It was close, and fun enough for a nostalgic moment, but I had to work with it on logic like “If two fleets of ships arrive at the same planet in the same turn, you have to see how the first battle goes. If the first battle captures the planet, the second fleet is not attacking the first fleet’s ships - we won the planet at that point”. Very simple concepts that sure, you’d have to think of as a programmer, but if you were telling another person about how the game should work, were things I felt another person would think about.

      I hope AI works well for you. Anywhere security is needed like database sanitation or user credentials… I hope you test thoroughly and I hope you can tell it enough to remind it to implement things like sanitation and other safety measures. An app can certainly appear to be working, but give many, many fronts for attack. That’s my main worry with AI code. I worry enough on the little projects I do if I’m being secure enough myself.

      • Mirror Giraffe@piefed.social
        13 hours ago

        Yeah I hope I am cautious enough. I use strict db models that were man written and have type checking and sanitation. That along with unit tests that cover everything I’ve been able to think of that can go right or wrong combined with the classic “obscurity===security” motto.

        Of course there are always vectors one hasn’t thought of, but that goes for man made projects as well. If I decide to bring it live and scale up I’ll probably order a pen test.