Dangers of AI coding tools
Kevin Naidoo

Kevin Naidoo @kwnaidoo

About: A tech enthusiast with more than 15 years of experience in web development and related technologies including Python, PHP, AI, Django, Laravel, Linux, Golang and more...

Location:
South Africa
Joined:
Jan 31, 2023


Publish Date: Jan 8

I have written hundreds of thousands of lines of code over my 15 years; writing some types of code has become tedious and, well, frankly, just boring. File uploads, CRUD, forms 🥱.

This is why I use AI: it can do the scaffolding for me so that I can focus on more interesting stuff.

I don't, however, just blindly copy and paste; I review all the generated code and optimize or tweak it where needed.

A simple hack

Earn your stripes first. It may be tempting to just ask AI, but this is dangerous because you are relying on a tool that could give you wrong advice. With little to no experience, you probably won't pick up on the discrepancies.

Here's an AI generated example:

    use Illuminate\Http\Request;
    use Illuminate\Support\Facades\Storage;
    use Illuminate\Support\Str;

    public function upload(Request $request)
    {
        if ($request->hasFile('file')) {
            $file = $request->file('file');
            // Filename is a random UUID, but the extension still comes from the client
            $fileName = Str::uuid() . '.' . $file->getClientOriginalExtension();

            // Store in public/storage/uploads/tinymce
            $path = $file->storeAs(
                config('tinymce.upload_path'),
                $fileName,
                'public'
            );

            // Note: the file is stored and its URL returned without any
            // validation of type, size or content
            return response()->json([
                'location' => Storage::url($path)
            ]);
        }
    }

This is a basic example, but a good reference to drive home my point. Many things are wrong here, but the most important is that there is no MIME-type validation: the file is stored whatever it contains, and the only thing the server "checks" is the extension the client chose.

The code probably works just fine: it'll upload the file and return a success message. A junior dev might move on and assume everything is okay!

The problem comes in when a malicious user uploads a bad file, be it malware or some kind of executable script rather than an image. Now you have compromised your whole app and your users too!

A better approach would be to use Laravel's validator and apply some validation rule checks:

    $request->validate([
        'file' => 'required|file|image|mimes:jpeg,png,jpg,gif|max:5120'
    ]);
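To make it concrete what that one rule string is doing, here is the same set of checks written out by hand in Python. This is an added example, not code from the post or from Laravel: it assumes the upload arrives as a filename plus raw bytes, and the function names, the rejection strings and the sample inputs are constructed for illustration. Laravel's `image` and `mimes` rules inspect the file's contents rather than trusting the client's filename, and that is the behaviour the content check below reproduces with magic-byte signatures.

```python
import uuid

# Laravel's max:5120 is measured in kilobytes
MAX_BYTES = 5120 * 1024

# Leading bytes (magic numbers) of the formats the rule allows.
SIGNATURES = {
    "jpeg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "gif": (b"GIF87a", b"GIF89a"),
}

# Client-supplied extension -> image type it claims to be (mimes:jpeg,png,jpg,gif).
ALLOWED_EXTENSIONS = {"jpeg": "jpeg", "jpg": "jpeg", "png": "png", "gif": "gif"}


class UploadRejected(ValueError):
    """Raised with a short reason when an upload fails validation."""


def sniff_image_type(data: bytes):
    """Return 'jpeg', 'png' or 'gif' based on the file's first bytes, else None."""
    for kind, sigs in SIGNATURES.items():
        if any(data.startswith(sig) for sig in sigs):
            return kind
    return None


def validate_upload(client_filename: str, data: bytes) -> str:
    """Apply the checks behind 'required|file|image|mimes:...|max:5120'.

    Returns a server-chosen storage name on success; raises UploadRejected
    with the failing rule otherwise.
    """
    if not data:
        raise UploadRejected("required")  # required|file: nothing was sent

    if len(data) > MAX_BYTES:
        raise UploadRejected("too large")  # max:5120 (kilobytes)

    # The extension is client-controlled, so it is only ever an allowlist gate.
    ext = client_filename.rsplit(".", 1)[-1].lower() if "." in client_filename else ""
    if ext not in ALLOWED_EXTENSIONS:
        raise UploadRejected("extension not allowed")  # mimes:jpeg,png,jpg,gif

    # image: decide from the bytes, not from the name the client gave the file.
    kind = sniff_image_type(data)
    if kind is None:
        raise UploadRejected("content is not an image")
    if kind != ALLOWED_EXTENSIONS[ext]:
        raise UploadRejected("content does not match extension")

    # Storage name is random and uses only the validated, allowlisted extension.
    return f"{uuid.uuid4()}.{ext}"


def rejection_reason(client_filename: str, data: bytes):
    """Convenience wrapper: the reason an upload is rejected, or None if accepted."""
    try:
        validate_upload(client_filename, data)
    except UploadRejected as exc:
        return str(exc)
    return None


if __name__ == "__main__":
    # Constructed sample inputs, not real uploads.
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
    print(validate_upload("photo.png", png))
    print(rejection_reason("photo.png", b"plain text renamed to .png"))
    print(rejection_reason("notes.txt", png))
```

Two points are worth noticing: the extension check alone would have accepted the renamed text file, which is exactly the gap in the generated snippet above, and the stored name never reuses the client's extension verbatim, only one that passed the allowlist and agrees with the sniffed content.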

Advice for junior developers

Should you use AI? Absolutely! Use AI to quickly look up information and even to generate code where it makes sense; this is perfectly fine.

Never! Ever! just rely on AI to make architectural decisions for you, or blindly trust it either. Simply copying and pasting code without reviewing it first is just asking for trouble. Instead, deepen your understanding by reading, learning, and always striving towards mastery.

Understanding the logic behind the code you are writing is important because AI cannot think for itself or understand the full context in which that code will run. It's just a fancy algorithm that's predicting the next best sentence, paragraph, or body of code.

The best way to become good at anything is to just roll up your sleeves and put in the work, build projects on your own without AI first, and learn the fundamentals until they become second nature.

PS: If you're looking for more in-depth WebDev and AI-related content, please consider visiting and following me on my blog at kevincoder.co.za. I would really appreciate your support 🙏.

Comments 21 total

  • david duymelinck, Jan 8, 2025

    I agree, never add generated code as is.

    Before AI we had tutorials where people didn't add good practices, because they want to show something working. And beginners just copy-pasted the code.

    I think with AI that problem could get bigger, especially when AI generates larger and larger chunks of code. I think even for seasoned developers it is going to be harder to do code checking.
    You could use different AI solutions for code generation and code review, and then spot check the code. Solutions like Devin are the same as one person that is in charge of writing the code and reviewing it. We know that causes blind spots.

    • Kevin Naidoo, Jan 8, 2025

      Thanks for reading, yeah this is so true! I guess we have to be more vigilant in PRs to ensure this junk code doesn't creep in. Also, static analyzers and other related code scanners will become more important than ever.

      • Timex Peachtree, Jan 10, 2025

        Yes, the code checking and best practices help a lot; also I think making different AI models review that code can give a little bit of insight, like having another pair of eyes 👀 reading over them.

  • Riya, Jan 10, 2025

    Great advice! Use AI as a tool, but always review and understand the code to avoid potential risks.

  • Ram Krishna, Jan 10, 2025

    github.com/Digital-Assistant/Digit...

    GenAI in enterprise software setting.

    Please circulate to software team leaders that you know.

  • Rense Bakker, Jan 10, 2025

    Generating code with AI is super dangerous. Coding with AI assistance is amazing though. You need to know what you expect it to write, so you know the AI is wrong when it writes something else. I just use it as a tool to type faster and give me suggestions. Take a look at codeium.com/windsurf, it's amazing!

    • Kevin Naidoo, Jan 10, 2025

      Thanks. I briefly did play with "Windsurf" and others, but I didn't like it. Nothing wrong with this IDE. It worked great! Just my personal preference.

      VSCode has Tabnine; it's mature and doesn't get in my way, but is good enough to help me remember object properties and things like that. Often these IDEs will suggest code that is overengineered and I end up rewriting it anyway, so why not just write it myself.

  • Paal Aleksander Kaasa, Jan 10, 2025

    I agree with most of what you say, but if you watch a tutorial where the teacher writes with AI, they have an enormous context file in which they save everything the AI needs to know about the app it's making.

    So when you actively use the context file – normally written as a .md file – the AI copilot will have a good idea about what it's going towards. It's good for human intelligence too, so we don't forget where we're heading and what's already behind us 😊🤖

    I'm not a fan of kanban lists and other checklists, and I tend to forget about using them. But having a features list, a todo list, etc., inside Cursor together with other AI context material, and keeping it up to date, is a total game changer for me. ✔️👍

    • Kevin Naidoo, Jan 10, 2025

      Thanks for reading and engaging on this topic; awesome, glad that you have a good process going there. Sounds a bit like BDD (Behavior-driven development).

      The only caveat is that LLMs don't read for meaning, and as your input token context grows, usually the quality of the generation drops. Now, a lot of these IDEs do use "chain of thought" prompts and Agents to get around this issue, but still, LLMs have no worldview so it'll always be a hit and a miss. Sometimes you'll get good results, other times not.

      • Paal Aleksander Kaasa, Jan 10, 2025

        Could be a caveat, certainly. The main takeaway for me lately is that kanbans and todos have been outside of IDEs before Cursor – that's breaking ground – and "dead" documents, but now docs like these are put to use much more than before. Before, it was just an extra task updating these docs, but now you get so much more value from work documents inside IDEs.

  • KC, Jan 10, 2025

    Agreed. The single most important advice for developers using AI assistants: DON'T ACCEPT ALL.

  • Greg Brown, Jan 10, 2025

    AI is the new stackoverflow.... Sad.
    I see time and time again young coders just blindly copy&pasting stuff generated.

    We should look at AI as a "rubber ducky on steroids", it helps you out a great deal, but it is still just as susceptible to errors as we are if not more.
    I, time and time again, have to review code and point out flaws. It is an ongoing process of teaching my younger devs to take all the help with a grain of salt. Teach them to think critically about what AI or other devs suggest.

    Cheers

  • My Lovely Friend, Jan 10, 2025

    100% agree.

  • orlando villa, Jan 11, 2025

    AI dev tools are just that... a tool!
    Sorry world, magic is not real.

  • Rong Sen Ng, Jan 11, 2025

    An AI coding tool is like an assistant. If you expect it to do everything for you, you basically make yourself redundant because you know nothing at the end of the day. Not even when you're being replaced.

    • Vijay sf, Jan 12, 2025

      Agree on that 100%; everything we talk about is processed to evolve AI. Good and bad, everything.

  • Joey Sabey, Jan 11, 2025

    Very much how I've been treating AI; it's a fancy and nice-to-have completion engine.

  • Dr Ravi Gulati, Jan 13, 2025

    "A junior dev might move on and assume everything is okay!"

    "Should you use AI? Absolutely! Use AI to quickly look up information and even generate code where it makes sense, this is perfectly fine."

    Two contradictory views by you. I agree on the first view but not on the second one. Although you have mentioned "Simply copying and pasting code without reviewing it first is just asking for trouble.".

    I think once a beginner starts using an AI tool, he will hardly put effort into understanding the code and improving it. I am a professor at a university and have been teaching programming subjects to master's degree students since 1992. And I am saying it from my experience.

    • Kevin Naidoo, Jan 13, 2025

      Thanks for your feedback. When you look at those statements in isolation, yes they may seem contradictory. However, in the context of the entire article, my goal is to convey a message of caution.

      I am not telling developers to ignore AI completely, it's a tool like any other tool. The goal is to caution junior developers against blindly just copying and pasting AI-generated code.

      Instead, they should arm themselves with knowledge and strive toward mastery. Whether we like it or not, AI is here to stay, and it should be included in our workflow just like Docker, Python, or any other tool.

      • Dr Ravi Gulati, Jan 13, 2025

        I agree with your views. But what I am trying to say is that once you give junior developers a tool that reduces their effort, they don't try to put extra effort into reviewing the AI-generated code. Also, only after writing code on their own will they attain the expertise to review and analyse AI-generated code.

        • Kevin Naidoo, Jan 14, 2025

          I see, that's true and a fair point. I guess there will be a percentage of students who take the lazy route, but that will only hurt them later in the job market.
