GitHub Copilot's Security Filters Don't Work

Man, I&#x27;m getting deja vu writing this comment [0]...<p>...anyways, not to be confused with Codium [1], a completely FOSS, telemetry-free build of VS Code.<p>[0] <a href="https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=34433412">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=34433412</a><p>[1] <a href="https:&#x2F;&#x2F;vscodium.com&#x2F;" rel="nofollow noreferrer">https:&#x2F;&#x2F;vscodium.com&#x2F;</a><p>Edit: and not to be confused with CodiumAI [2], an AI test generator<p>[2] <a href="https:&#x2F;&#x2F;www.codium.ai&#x2F;" rel="nofollow noreferrer">https:&#x2F;&#x2F;www.codium.ai&#x2F;</a>

Keep in mind although everything here <i>seems</i> to be factual (I havent tested it myself yet), this is from Codeium, a company who could be incentivized to make Copilot look worse, as that could convince other companies use Codeium instead of Copilot.<p>That being said, I do generally agree with what Codeium says in their blog posts, such as Be Careful Where you Send Your Code [1]. Though that post&#x27;s primary purpose seems to be to advertise the on-prem solution for enterprises, it makes some valid points. Despite some minor concerns, I like Codeium as a company—as a privacy-respecting alternative to GitHub Copilot—and would like to see them suceed.<p>[1] <a href="https:&#x2F;&#x2F;codeium.com&#x2F;blog&#x2F;self-hosting-for-code-security" rel="nofollow noreferrer">https:&#x2F;&#x2F;codeium.com&#x2F;blog&#x2F;self-hosting-for-code-security</a>

Github claims to have a vulnerability prevention system that blocks Copilot from generating insecure code (<a href="https:&#x2F;&#x2F;github.blog&#x2F;2023-02-14-github-copilot-now-has-a-better-ai-model-and-new-capabilities&#x2F;" rel="nofollow noreferrer">https:&#x2F;&#x2F;github.blog&#x2F;2023-02-14-github-copilot-now-has-a-bett...</a>), but it clearly doesn&#x27;t work.

How come they don’t demo their product not doing the same vulnerabilities?<p>Seems like an easy marketing win