My presentation about AI and how developers can use it to be more productive. It also covers some of the security implications of AI, how we at Sonatype use AI, and how developers can fight the bad guys using AI.
2. @Jamie_Lee_C
Introduction
About me
Name: Jamie Lee Coleman
Current Role: Developer Advocate @ Sonatype
Past experience: Developer in Mainframe Software (CICS), WebSphere & OpenJ9 @ IBM
Twitter: @Jamie_Lee_C
LinkedIn: https://www.linkedin.com/in/jamie-coleman/
6. @Jamie_Lee_C
Agenda
1. The Artificial intelligence revolution
2. Current state of AI
3. Advantages of AI (AI Generated slides)
4. Disadvantages of AI (AI Generated slides)
5. Should we be worried?
4. Uses for AI and Developers
   1. Productivity
   2. Static Analysis
   3. Software Composition Analysis
   4. Security
5. Sonatype and AI
6. My conclusion on AI
7. Links and stuff!
9. @Jamie_Lee_C
The Turing Test
Originally called the imitation game by Alan Turing
● A test of a machine's ability to exhibit intelligent behaviour equivalent to, or indistinguishable from, that of a human
● If a human could not distinguish the difference between human and AI then the AI would have passed the test
10. @Jamie_Lee_C
IBM Deep Blue
● Development started in 1985
● It lost its first attempt at beating Garry Kasparov with 2 to IBM and 4 to Garry
● It was upgraded in 1997 to once again challenge Garry
● It then beat the world chess champion Garry Kasparov
● 6 Matches over several days
● 2 to IBM, 1 to the champion and 3 draws
11. @Jamie_Lee_C
IBM Watson
● A natural-language question-answering machine
● The computer system was initially developed to answer questions on the quiz show Jeopardy. In 2011 it played against champions Brad Rutter and Ken Jennings, winning the first-place prize of 1 million USD.
● In 2013 it was used in healthcare to diagnose patients, among other things.
12. @Jamie_Lee_C
Eugene Goostman
● Possibly the most advanced chatbot of its time
● Developed in Saint Petersburg in 2001 by a group of three programmers, Vladimir Veselov, Eugene Demchenko, and Sergey Ulasen.
● Goostman is portrayed as a 13-year-old Ukrainian boy—characteristics that are intended to induce forgiveness in those with whom it interacts for its grammatical errors and lack of general knowledge.
● In 2005 & 2008 it finished 2nd in Turing test competitions
● In 2014, on the 60th anniversary of Turing's death, it convinced 33% of the judges it was human. Some declare this as passing the Turing test.
15. @Jamie_Lee_C
ChatGPT
● Released in November 2022 by OpenAI
● In January 2023, it became the fastest growing consumer application in history
● Many other chatbot systems are based on this technology, such as Google's Bard
● It has a tendency to confidently provide inaccurate information.
The dark side of ChatGPT
● In order to train it against stuff like sexual abuse, violence, racism, sexism etc., OpenAI outsources this training to Kenyan workers for less than $2 an hour.
● The outsourced laborers were exposed to such toxic and dangerous content that they described the experience as "torture".
17. @Jamie_Lee_C
Developer Productivity
Codesnippets
● Works with Java, Python, C++…
● Creates error-prone and performance-optimized code
GitHub Copilot
● Offers intelligent coding suggestions for code snippets, functions, and methods
while coding
● Integrates seamlessly with renowned code editors, including VS Code,
JetBrains, and more.
18. @Jamie_Lee_C
Developer Productivity
AutoRegex
● Optimizes regular expressions to enhance the performance of the application
● Converts English language to RegEx using Natural Language Processing (NLP)
Mintlify
● Understanding complicated functions and generating documentation.
● Quickly generating comments to understand what someone else’s function is doing.
21. @Jamie_Lee_C
Increased Efficiency
● AI technology can automate repetitive and mundane tasks, freeing up human
resources for more complex and creative work.
● With AI, processes can be streamlined and optimized, leading to increased
efficiency and productivity.
● AI-powered systems can work 24/7 without fatigue, ensuring round-the-clock
operations.
22. @Jamie_Lee_C
Enhanced Decision-Making
● AI algorithms can analyse vast amounts of data quickly and accurately,
enabling informed decision-making.
● Machine learning algorithms can identify patterns and trends that humans
might miss, leading to better insights and predictions.
● AI can help businesses make data-driven decisions, resulting in improved
outcomes and reduced risks.
23. @Jamie_Lee_C
Improved Customer Experience
● AI-powered chatbots and virtual assistants provide instant and personalized
customer support, enhancing the overall experience.
● Recommendation systems based on AI algorithms can offer tailored product
suggestions, increasing customer satisfaction.
● Natural language processing enables AI to understand and respond to
customer queries, improving communication and engagement.
24. @Jamie_Lee_C
Cost Savings
● AI can help businesses reduce costs by automating processes, eliminating the
need for manual labour.
● Predictive maintenance powered by AI can prevent equipment failures and
reduce maintenance costs.
● AI-based inventory management systems optimize stock levels, minimizing
waste and reducing inventory costs.
25. @Jamie_Lee_C
Innovation and Creativity
● AI enables researchers and scientists to tackle complex problems by
leveraging computational power and advanced algorithms.
● AI can generate new ideas, designs, and solutions that push the boundaries of
human creativity.
● Creative industries, such as art and music, can explore new possibilities with
AI, leading to unique and ground-breaking creations.
26. @Jamie_Lee_C
Improved Safety
● AI can be employed in various industries to enhance safety and reduce risks.
● Autonomous vehicles powered by AI algorithms can reduce human error and
improve road safety.
● AI-based surveillance systems can detect anomalies and potential threats,
enhancing security measures.
27. @Jamie_Lee_C
Personalized Experiences
● AI can analyze user data and preferences to deliver personalized experiences,
such as customized recommendations and content.
● Virtual assistants can learn individual user preferences and adapt their
responses accordingly, providing tailored interactions.
● AI-powered marketing campaigns can target specific audiences with
personalized messages, increasing engagement and conversion rates.
28. @Jamie_Lee_C
Conclusion
● Artificial Intelligence offers numerous advantages across various industries.
● From increased efficiency and enhanced decision-making to improved
customer experiences and cost savings, AI is transforming the way we work
and live.
● Embracing AI technologies can unlock new opportunities and drive innovation
in the digital age.
30. @Jamie_Lee_C
Job Displacement
● AI and automation technologies have the potential to replace human workers
in various industries.
● The automation of tasks previously performed by humans could lead to job
losses and unemployment.
31. @Jamie_Lee_C
Lack of Human Judgment and Intuition
● AI systems lack the ability to exhibit human-level judgment, intuition, and
creativity.
● They are limited to the information and patterns they are trained on, which may
result in biased or incomplete decision-making.
32. @Jamie_Lee_C
Privacy Concerns
● AI systems often require vast amounts of data to operate effectively.
● Collecting and analyzing personal data raises concerns about privacy, data
security, and potential misuse of information.
33. @Jamie_Lee_C
Dependence on Technology
● Overreliance on AI technology can make societies vulnerable to system
failures and cyberattacks.
● Relying on AI for critical tasks may lead to significant consequences when
technology fails or malfunctions.
34. @Jamie_Lee_C
Ethical Considerations
● AI algorithms can perpetuate and amplify existing biases present in the data
they are trained on.
● This bias can lead to unfair or discriminatory outcomes in areas like hiring, loan
approvals, and criminal justice.
35. @Jamie_Lee_C
Lack of Emotional Intelligence
● AI systems cannot understand or empathize with human emotions and social
cues.
● This limitation makes it challenging for AI to handle sensitive or complex
situations that require emotional intelligence.
36. @Jamie_Lee_C
Unemployment and Income Inequality
● As AI automates certain jobs, it can exacerbate income inequality and create a
divide between those who benefit from AI and those who do not.
● Displaced workers may struggle to find alternative employment opportunities.
37. @Jamie_Lee_C
Lack of Accountability
● Determining responsibility and accountability for AI-generated decisions can
be challenging.
● When errors or biases occur, it can be difficult to identify who should be held
responsible for the consequences.
38. @Jamie_Lee_C
Conclusion
● While AI offers numerous benefits, it is important to be aware of its potential
disadvantages.
● Addressing these challenges requires careful consideration, regulation, and
ethical frameworks.
46. @Jamie_Lee_C
Cyber Attacks are rising in number and
sophistication
Nation states are preparing for the next war – and that is all about software
The aim is to infiltrate infrastructure and essential services…
50. @Jamie_Lee_C
Proof of domain ownership
Helps reduce malware ending up in the repository
org.apache.logging.log4j:999.999.999 (Dependency confusion)
org.apache.logging.logj4:2.18 (Typo-squatting)
org.apaceh.logging.log4j (Typo-squatting)
51. @Jamie_Lee_C
Proof of domain ownership
Helps reduce malware ending up in the repository
org.apache.logging.log4j:999.999.999 (Defeated)
org.apache.logging.logj4:2.18 (Defeated)
org.apaceh.logging.log4j (Allowed)
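The three coordinates on this slide, run through a model of the namespace-ownership rule and then through a consumer-side look-alike check that catches the one the rule lets through. This is an added example, not Sonatype's or Maven Central's code; the publisher's domain `apaceh.org`, the trusted-group allowlist and all function names are assumptions made for illustration.

```python
# Added illustration; domains, publisher and trusted list are constructed.

def group_allowed(group_id, verified_domains):
    """Namespace rule: groupId must equal, or be nested under, the reversed
    form of a domain the publisher has proved they own."""
    for domain in verified_domains:
        prefix = ".".join(reversed(domain.lower().split(".")))  # apache.org -> org.apache
        if group_id == prefix or group_id.startswith(prefix + "."):
            return True
    return False

def edit_distance(a, b):
    """Plain Levenshtein distance (insert, delete, substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(group_id, trusted_groups, max_dist=2):
    """Return the trusted groupId this one nearly matches, else None."""
    for trusted in sorted(trusted_groups):
        if 0 < edit_distance(group_id, trusted) <= max_dist:
            return trusted
    return None

def classify(group_id, publisher_domains, trusted_groups):
    if not group_allowed(group_id, publisher_domains):
        return "defeated"                   # rejected at publish time
    if lookalike_of(group_id, trusted_groups):
        return "allowed-but-lookalike"      # passes ownership, needs review
    return "allowed"

# Constructed scenario: the publisher genuinely owns a look-alike domain.
PUBLISHER_DOMAINS = {"apaceh.org"}
TRUSTED_GROUPS = {"org.apache.logging.log4j"}

if __name__ == "__main__":
    for g in ("org.apache.logging.log4j",   # slide: version 999.999.999
              "org.apache.logging.logj4",   # slide: version 2.18
              "org.apaceh.logging.log4j"):
        print(g, "->", classify(g, PUBLISHER_DOMAINS, TRUSTED_GROUPS))
```

Domain proof stops anyone outside apache.org from publishing under `org.apache.*`, but a registrant of a look-alike domain passes it legitimately, which is why the third coordinate needs a separate check on the consuming side.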
53. @Jamie_Lee_C
Everything else is hard
Does the new package contain vulnerabilities?
How do you figure that out?
Do you stop code being published?
Does the new package contain active malware?
How do you figure that out?
Do you stop code being published?
How do you make sure consumers know what they are getting?
55. @Jamie_Lee_C
For Maven Central
Finding out about vulnerabilities before you
select a version is straightforward
Accuracy depends on the quality of the
scanning tools, the skills of the research team
and the skills of the bad guys.
All are always getting better
60. @Jamie_Lee_C
The field of battle
● Typo-squatting
● Dependency Confusion
● Vulnerability exploitation
● Vulnerability research
● Build System compromised
● Tools compromised
● Open Source project compromise
Maven Central is
evolving to give you
more insight and
better defenses
66. @Jamie_Lee_C
Modern Face of Cybercrime
• Perception –
• Difficult Tasks
• Detailed Plots
• High Tech
• Elaborate Schemes
• Reality –
• Simplicity, Effectiveness and user-centered thinking
• MaaS - DuckLogs, Redline Stealer, Raccoon and Z3US
• They have Active Support Channels!
67. @Jamie_Lee_C
Script Kiddies
“most of the malicious packages are
not the product of a quirky genius in
a hoodie coding from a dark
basement filled with monitors”
•Young…not always
•Inexperienced…not always
•Hackers…not always ☺
69. @Jamie_Lee_C
Initially hosted on the GitHub repo “joeldev27” when it was
used by the PyPI packages pycracker and pyobfpremium,
and rendered inactive soon after
73. @Jamie_Lee_C
• What can be used for good can also be
used for evil
• Prompt kiddies are out there
Prompt Kiddies are here
https://hackernoon.com/bad-actors-are-joining-the-ai-revolution-heres-what-weve-found-in-the-wild
75. @Jamie_Lee_C
Cyber Crime Facts
In 2016 Cybercrime surpassed the drug trade!
$450 Billion a year
$14,000 a second
Equivalent to 50 US Nimitz Class Aircraft carriers
78. @Jamie_Lee_C
If Cybercrime was a country by GDP in 2022
United States: $20.89 trillion
China: $14.72 trillion
Cyber Crime: $6 trillion
Japan: $5.06 trillion
Germany: $3.85 trillion
India: $2.65 trillion
United Kingdom: $2.63 trillion
France: $2.58 trillion
95. @Jamie_Lee_C
My Conclusion
● AI is not going to take most of our jobs any time soon
● Current AI technology has been around a while
● AI has got popular lately because of how easy it is to use
● AI can make us much more productive
● AI can be used for Evil
● We can use good AI to fight evil AI
96. @Jamie_Lee_C
Useful Links
History of AI
https://www.javatpoint.com/history-of-artificial-intelligence
History of software supply chain attacks
https://www.sonatype.com/resources/vulnerability-timeline
State of the software supply chain report:
https://www.sonatype.com/state-of-the-software-supply-chain/
LOG4J download data:
https://www.sonatype.com/resources/log4j-vulnerability-resource-center
5 AI Tools for Developers
https://medium.com/geekculture/5-ai-tools-every-software-developer-should-be-using-in-2022-afc4fb149c60
Photoshop Generative Fill
https://www.adobe.com/products/photoshop/generative-fill.html
AI tools to build apps faster
https://geekflare.com/ai-tools-for-developers/