AI-powered coding assistant tools have revolutionized the software engineering ecosystem. However, prior work has demonstrated that these tools are vulnerable to poisoning attacks. In a poisoning attack, an attacker intentionally injects maliciously crafted insecure code snippets into training datasets to manipulate these tools. The poisoned tools can suggest insecure code to developers, resulting in vulnerabilities in their products that attackers can exploit. However, it remains poorly understood whether such poisoning attacks would be practical in real-world settings and how developers address them during software development. To understand the real-world impact of poisoning attacks on developers who rely on AI-powered coding assistants, we conducted two user studies: an online survey and an in-lab study. The online survey involved 238 participants, including software developers and computer science students. The survey results revealed widespread adoption of these tools among participants, primarily to enhance coding speed, eliminate repetition, and obtain boilerplate code. However, the survey also found that developers may misplace trust in these tools because they overlooked the risk of poisoning attacks. The in-lab study was conducted with 30 professional developers. The developers were asked to complete three programming tasks with a representative type of AI-powered coding assistant tool, running on Visual Studio Code. The in-lab study results showed that developers using a poisoned ChatGPT-like tool were more prone to including insecure code than those using an IntelliCode-like tool or no tool. This demonstrates the strong influence of these tools on the security of generated code. Our study results highlight the need for education and improved coding practices to address new security issues introduced by AI-powered coding assistant tools.