If Generative AI Speeds up Programming, Will We Have More Time to Spend on Cybersecurity? Magic 8 Ball Says...
If we can use GenAI to speed up and drastically change the way we deal with code and get days, if not weeks, of time back in the process, would we...could we...use that time to implement more cybersecurity?
The advance of LLMs and other AI tools is a rare opportunity to radically upend the way we talk and think about software development, and change our industry for the better. The way we have traditionally talked about software centers on writing code, solving technical problems. LLMs challenge this [traditional thinking] – in a way that can feel scary and disorienting. If the robots are coming for our life's work, what crumbs will be left for you and me? - Charity Majors - https://x.com/mipsytipsy/status/1826298635514208409
Could the leftover "crumbs" as Majors puts it–the things that we humans can do–be cybersecurity, which we so desperately need?
LLMs Can, and Will, Code!
I think if there's one thing that big language models slash generative artificial intelligence can do, it's write code.
Leetcode is how developers are usually measured, unfortunately, when it comes time to find a job and be interviewed to determine your "programming chops." But in the end, most leetcode problems are simply a matter of memorization and pattern recognition. Certainly this is not what programming actually is, as much of programming is everything in between writing cool, fast algorithms: meetings, code reviews, lunches, politics, analyzing Slack threads, git push, on and on–and yet, it seems that the most common way to determine someone's ability to program is to leetcode them. Strange.
However, as we can see above, leetcode problems are relatively easy for LLMs to solve, and LLMs get better at them over time.
LLMs can code. And they will get better over time. And we will integrate them into our systems, making them easier and easier to use. This could give us a lot of time back to do other things.
10x, 20x, 30x Time Gains?
I strongly suggest watching this video: https://x.com/shl/status/1821646287290110184
Sahil Lavingia is the CEO of Gumroad, a software company that has been around for about 14 years.
Gumroad is an e-commerce platform that allows creators to sell products directly to their audience. The platform was founded by Sahil Lavingia in 2011 and is based in San Francisco, California. - https://en.wikipedia.org/wiki/Gumroad
He has some really interesting things to say in this video, including how developing a feature for a product, which used to take a month, can now take a day with GenAI and products like Cursor and Claude 3.5 Sonnet. (Note that in this case, developing a feature means not only writing the code, but also doing product management, testing, UI design, and all the additional steps it takes to get the code into production.)
So from 20 to 23 working days in a month...down to one.
This leads him to all sorts of conclusions–conclusions that may or may not be true–about how to change the way development is done, how most if not all applications could simply end up being "feature complete," how customer support could be the ones adding features, etc., etc.
Programming Is Filled With Annoying Little Things That Aren’t Code or Algorithms
There is so much coding going on that may no longer be necessary. Commit code? Maybe that doesn't make sense anymore, or at least not the way we do it...git add, git commit, git push. Worrying about technical debt? Maybe that doesn't make sense anymore. Using complicated technologies? Maybe the simplest technologies, the ones LLMs have been trained on, the ones with decades of data, are best. Perhaps Tailwind CSS is the most appropriate design choice, and we can just hide it in the code with an IDE plugin. Maybe staging environments don't make sense anymore. Maybe Jira and Notion and bug tracking and design systems like Figma don't make sense any longer. Maybe having a design system isn't worth it...setting up a bunch of CSS. There are so many things that could change based on what GenAI can do. Is everything now just customer support...customer wants this feature so we ship it THIS fast?
Prompt -> Button Click -> Button Click -> Production
Or maybe not. It's hard to say, because we're in the middle of figuring out what GenAI can do with code.
So we might even get MORE time back with all this removal. It's not just that GenAI can write code, but it changes our relationship to code, and to how apps are built and how problems are solved.
So...Now Do We Have Time for Cybersecurity?
If we can ship a new feature in one day that would normally take 20 business days, what do we do with the other 19 days? Sure, of course, we just ship more features. Duh. But do we really have 19 days of features? Shouldn't we be able to dedicate one of those days to cybersecurity? Couldn't we make Tuesdays cybersecurity day, where we just push and prod and prompt the GenAI tools to make our applications, our software, more secure? To rip out those pesky bugs and upgrade libraries.
Is cybersecurity largely a technical problem? Maybe, maybe not. I think it is, in part because software has so, so many bugs–but of course human psychology plays a huge role as well. With that in mind, maybe we are heading toward a time when we actually have the "temporal resources" to solve all the hairy technical problems in cybersecurity, but still deliver a lot more features faster, and maybe even work on hard technical problems that solve human problems (e.g., inventing and implementing other technologies with power, security, and scope similar to, say, multi-factor authentication). It sounds utopian, but, you know, why not? Why not spend at least one or two or three of those 19 days on cybersecurity?
Forget Taco Tuesday. This is my vote for Cybersecurity Tuesdays!