This paper analyzes online developer discussions to identify four major security concerns—data leakage, code licensing, adversarial attacks, and insecure suggestions—associated with using generative AI coding assistants like GitHub Copilot.
BACKGROUND: Generative Artificial Intelligence (GenAI) has become a central component of many development tools (e.g., GitHub Copilot) that support software practitioners across multiple programming tasks, including code completion, documentation, and bug detection. However, current research has identified significant limitations and open issues in GenAI, including reliability, non-determinism, bias, and copyright infringement. While prior work has primarily focused on assessing the technical performance of these technologies for code generation, less attention has been paid to emerging concerns of software developers, particularly in the security realm.

OBJECTIVE: This work explores security concerns regarding the use of GenAI-based coding assistants by analyzing challenges voiced by developers and software enthusiasts in public online forums.

METHOD: We retrieved posts, comments, and discussion threads addressing security issues in GitHub Copilot from three popular platforms, namely Stack Overflow, Reddit, and Hacker News. These discussions were clustered using BERTopic and then synthesized using thematic analysis to identify distinct categories of security concerns.

RESULTS: Four major concern areas were identified, including potential data leakage, code licensing, adversarial attacks (e.g., prompt injection), and insecure code suggestions, underscoring critical reflections on the limitations and trade-offs of GenAI in software engineering.

IMPLICATIONS: Our findings contribute to a broader understanding of how developers perceive and engage with GenAI-based coding assistants, while highlighting key areas for improving their built-in security features.