What's next for GenAI in code, dev, security, compliance

Q&A with Eran Yahav, co-founder and CTO of Tabnine
Liz Cohen
January 12, 2025

Meet Eran Yahav, a professor at the Technion and co-founder and CTO of Tabnine, the AI code assistant that accelerates and simplifies software development while keeping code private, secure, and compliant. 

We recently sat down for a detailed conversation about what’s next for GenAI from the perspective of a leader in the space: Eran’s Tabnine is the top coding assistant, second only to Microsoft’s Copilot, and offers total code privacy and zero data retention.

Q: How will AI tools transform the development of business applications? What are the implications for security and compliance?

We’re entering a phase where delegation becomes the key driver of productivity. Imagine delegating the creation of a React application to AI, much like offshoring to a development team. The AI takes the task, implements it, and delivers the result. However, this only works if the cost of specifying what you want and validating the output is significantly lower than doing it manually.

Trust in AI-generated code is critical. If you spend more time reviewing AI output than you save by automating it, you lose the productivity gains. The challenge is building systems where the AI-generated code is secure and compliant by default. Without that trust, adoption will face significant barriers.

Q: How do you see differentiation between AI coding tools evolving in the long term?

The key differentiators will be privacy, personalization, and integration with organizational workflows. Privacy means that sensitive organizational data is kept private and not leaked to third parties; it also means that the AI respects organizational permissions and authorizations. Personalization is about adapting the AI to the specific organization — codebase, knowledge base, best practices, and requirements.

For example, a generic AI might write code that connects directly to a database because that's the simplest method. But in an enterprise setting, you’d expect the AI to recognize and integrate with existing microservices. Long-term success will depend on the ability to generate code that isn’t just functional but aligns with the organization’s established standards and practices.

Q: What role will AI play in shifting security responsibilities earlier in the development process?

This concept, often called "extreme shift-left," is about generating secure code by construction. Ideally, the AI would not generate insecure code at all—it wouldn’t even reach the IDE. While we’re not there yet, tools are already enabling deeper code reviews and integrating security best practices directly into the development process.

In the future, we aim for AI to self-review its work, adhering to security guidelines and organizational standards before presenting the output. This would dramatically reduce the need for manual review and ensure that secure practices are embedded in the code from the start.

Q: Will AI-generated code lead to increased technical debt, or is it moving us toward disposable coding?

It depends on the domain. Some applications, like a simple React car catalog, for example, are inherently disposable or regenerable. For these, you don’t need to deeply review the underlying code because you can validate the functionality visually.

However, for complex systems where code serves as the definitive specification, generating high-quality code is essential. If AI-generated code isn’t validated effectively, you risk overburdening senior engineers with endless reviews, negating the productivity benefits. That’s why validation agents, like those we’re developing, are so important—they help ensure the AI adheres to organizational best practices, minimizing the risk of accumulating technical debt.

Q: How does Tabnine handle the risk of validation bottlenecks in AI-generated code? What about validation at scale?

Validation is the current bottleneck of AI-assisted development. Without robust validation, you might end up overwhelming your most skilled engineers with the task of reviewing AI-generated code. To address this, Tabnine has invested in validation agents that review code according to organizational standards.

These agents don’t rely on generic evaluations from models but instead use tailored rules, which can be defined by humans or learned from historical data. They also generate fixes and ensure that generated code aligns with organizational best practices. This approach reduces the burden on engineers and ensures the generated code is trustworthy and actionable.

For scaling, our validation module uses tailored agents to review generated code, ensuring it aligns with an organization’s standards. These agents don’t rely on generic large language model evaluations; they’re trained on an organization’s historical reviews and best practices.

Additionally, the module includes features like automatic test generation, helping achieve specific coverage targets (e.g., 80%). Validation is the bottleneck in generative AI adoption, and we’re tackling it head-on to make AI-generated code trustworthy and production-ready.

Q: What’s your perspective on how AI changes the nature of the software engineer’s role?

The role of a software engineer has never been about writing code—it’s about solving business problems using software. Code is just the byproduct of that process, almost like toxic waste. If you can solve those problems without writing a single line of code, that’s a win.

That said, AI will change the way engineers work. Tasks like prompting AI to create a React application are already shifting to no-code or low-code approaches. Earlier generations of no-code tools were underwhelming, but generative AI is making these approaches viable for more complex applications. Engineers will need to adapt, focusing less on writing code and more on guiding and validating what the AI generates.

Q: Will the engineering profession shorten in lifespan as AI advances?

I don’t think so. Writing software is not just about getting an executable; it’s about discovering the specification. When you start a project, you don’t know everything about what the final product should be. As you build, you iterate and refine—changing layouts, syncing better processes, and so on.

AI might help us operate at higher levels of abstraction, but humans will still be necessary to guide the discovery process and fine-tune the results. The same was said about programming when garbage collection emerged—“What will programmers do if they don’t manage memory?” Yet here we are, working at even higher abstractions. It’s an evolution, not an extinction.

Q: How can organizations balance the opportunities and risks of AI-generated code, especially concerning tech debt?

I spoke with a customer who was concerned that AI tools might generate 30% more code. His reaction was, “That’s terrible—we’re already drowning in code!” This highlights a critical risk: without proper validation, the flood of AI-generated code could lead to more technical debt.

The solution lies in integrating validation agents that can review AI-generated code in the context of organizational standards. These agents can provide both feedback and fixes, ensuring that generated code isn’t just functional but also maintainable. Without this, the productivity gains from AI could be wiped out by the burden of reviewing and managing low-quality output.

Q: What do you think about the growing focus on prompt engineering? Is this just another trend like no-code tools?

Prompt engineering might play a role for now, but I don’t see it becoming the primary way engineers work. Asking AI to generate something like a React application through prompts is clunky and not what engineers aspire to do.

Generative AI is enabling a true no-code revolution for specific types of applications, but it won’t replace engineering workflows entirely. The focus will likely remain on higher-value tasks where engineers guide AI toward solving more complex and specific problems. The aim is to make tools like Tabnine adaptable to future workflows, whether they involve prompts, APIs, or entirely new interfaces.

Q: What is the long-term impact of generative AI on enterprise coding practices?

In enterprises, the challenge isn’t generating basic functionality—any AI can create a React car catalog. The hard part is integrating new functionality into a complex ecosystem of existing microservices, databases, and workflows.

The long-term differentiation for AI coding tools will come from their ability to understand and adapt to organizational practices. For example, instead of generating code that connects directly to a database (which might be fine for tutorials), AI tools need to know that enterprises rely on middleware, logging, and other practices. This context awareness will separate the successful tools from the rest.

We’re proud to include Tabnine as one of our earliest investments, and our first investment in Gen AI, in early 2020.