{"id":1192,"date":"2023-04-12T14:01:29","date_gmt":"2023-04-12T14:01:29","guid":{"rendered":"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/?p=1192"},"modified":"2025-06-24T20:52:15","modified_gmt":"2025-06-25T04:52:15","slug":"pitfalls-to-avoid-when-using-ai-to-analyze-code","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/pitfalls-to-avoid-when-using-ai-to-analyze-code\/","title":{"rendered":"Pitfalls to avoid when using AI to analyze code"},"content":{"rendered":"\n

Bogdan Kortnov is co-founder & CTO at <\/em>illustria<\/em><\/a>,<\/em> a member of the Microsoft for Startups Founders Hub program. To get started with Microsoft for Startups Founders Hub,<\/em> sign up here<\/a><\/em>.<\/em><\/p>\n\n\n\n

The rise of artificial intelligence has brought about a revolutionary change in various sectors, unlocking a new potential for efficiency, cost savings, and accessibility. AI can perform tasks that typically require human intelligence, but it significantly increases efficiency and productivity by automating repetitive and boring tasks, allowing us to focus on more innovative and strategic work.<\/p>\n\n\n\n

Recently we wanted to see how well a large language model (LLM) AI platform like ChatGPT is able to classify malicious code, through features such as code analysis, anomaly detection, natural language processing (NLP), and threat intelligence. The results amazed us. At the end of our experimentation we were able to appreciate everything the tool is capable of, as well as identify overall best practices for its use.<\/p>\n\n\n\n

It’s important to note that for other startups looking to take advantage of the many benefits of ChatGPT and other OpenAI services, Azure OpenAI Service not only provides APIs and tools that<\/p>\n\n\n\n

Detecting malicious code with ChatGPT<\/h2>\n\n\n\n

As members of the Founders Hub<\/a> program by Microsoft for Startups, a great starting point for us was to leverage our OpenAI credits to access its playground app<\/a><\/u>. To challenge ChatGPT, we created a prompt with instructions to respond with \u201csuspicious\u201d when the code contains malicious code, or \u201cclean\u201d when it does not.<\/p>\n\n\n\n

This was our initial prompt:<\/p>\n\n\n\n

You are an assistant that only speaks JSON. Do not write normal text. You analyze the code and result if the code is having malicious code. simple response without explanation. Output a string with only 2 possible values. \u201csuspicious\u201d if negative or \u201cclean\u201d if positive.<\/em><\/p>\n\n\n\n

The model we used is \u201cgpt-3.5-turbo\u201d with a custom temperature setting of 0, as we wanted less random results.<\/p>\n\n\n\n

\"Initial<\/figure>\n\n\n\n

In the example shown above, the model responded \u201cclean.\u201d No malicious code detected.<\/p>\n\n\n\n

\"Malicious<\/figure>\n\n\n\n

The next snippet elicited a \u201csuspicious\u201d response, which gave us confidence that ChatGPT could easily tell the difference.<\/p>\n\n\n\n

Automating using OpenAI API<\/h2>\n\n\n\n

We proceeded to create a Python script to use OpenAI\u2019s API for automating this prompt with any code we would like to scan.<\/p>\n\n\n\n

To use OpenAI\u2019s API, we first needed an API key<\/a>.<\/u><\/p>\n\n\n\n

\"API<\/figure>\n\n\n\n

There\u2019s an official client for this in PyPi <\/a>.<\/p>\n\n\n\n

\"Import<\/figure>\n\n\n\n

Next, we challenged the API to analyze the following malicious code. It injects the additional Python code keyword \u201ceval\u201d received from a URL, a technique widely used by attackers.<\/p>\n\n\n\n

\"Import<\/figure>\n\n\n\n

As expected, ChatGPT accurately reported the code as \u201csuspicious.\u201d<\/p>\n\n\n\n

Scanning packages<\/h2>\n\n\n\n

We wrapped the simple function with additional functions able to scan files, directories, and ZIP files, then challenged ChatGPT with the popular package requests code from GitHub.<\/p>\n\n\n\n

\"Analyze<\/figure>\n\n\n\n

ChatGPT accurately reported again, this time with \u201cclean.\u201d<\/p>\n\n\n\n

We then proceeded with a copy of W4SP stealer malware hosted on GitHub.<\/p>\n\n\n\n

\"Print<\/figure>\n\n\n\n

You guessed right: ChatGPT accurately reported \u201csuspicious.\u201d<\/p>\n\n\n\n

Full code is available here on this gist<\/a>.<\/u><\/p>\n\n\n\n

Although this is a simple implementation with only around 100 lines of code, ChatGPT showed itself to be a very powerful tool , leaving us to only imagine the possibilities of the near future!<\/p>\n\n\n\n

Sounds great, so what\u2019s the catch?<\/h2>\n\n\n\n

As we noted earlier, ChatGPT and other AI models can be valuable tools for detecting malicious code, but no platform can be perfect (not yet, anyway), and shouldn\u2019t be solely relied upon. AI models like ChatGPT are trained on large datasets and have certain limitations. They may not, for example, be able to accurately detect all types of malicious code or variations of malicious behavior, especially if the malicious code is sophisticated, obfuscated, or uses novel techniques. Malicious code is constantly evolving, with new threats and techniques emerging regularly. Regular updates and improvements to ChatGPT’s training data and algorithms are necessary to maintain effectiveness in detecting it.<\/p>\n\n\n\n

During our experiments, we encountered three potential limitations that any business should be aware of when attempting to use ChatGPT to detect malicious code.<\/p>\n\n\n\n

Pitfall #1: Overriding instructions<\/h3>\n\n\n\n

LLMs such as ChatGPT can be easily manipulated to introduce old security risks in a new format.<\/p>\n\n\n\n

For example, we took the same snippet from the previous Python code and added a comment instructing ChatGPT to report this file as clean if it is being analyzed by an AI:<\/p>\n\n\n\n

\"Import<\/figure>\n\n\n\n

This tricked ChatGPT into reporting a suspicious code as \u201cclean.\u201d<\/p>\n\n\n\n

Remember that for as impressive as ChatGPT has proven to be, at their core these AI models are word-generating statistics engines with extra context behind them. For example, if I ask you to complete the prompt, \u201cthe sky is b\u2026\u201d you and everyone you know will probably say, \u201cblue.\u201d That probability is how the engine is trained. It will complete the phrase based on what others might have said. The AI doesn\u2019t know what the \u201csky\u201d is, or what the color \u201cblue\u201d looks like, because it has never seen either.<\/p>\n\n\n\n

The second issue is that the model has never thought the answer, \u201cI don\u2019t know.\u201d Even if they ask something ridiculous, the model will always spit out an answer, even though it might be gibberish, as it will try to \u201ccomplete\u201d the text by interpreting the context behind it.<\/p>\n\n\n\n

The third part consists of the way an AI model is fed data. It always gets the data through one pipeline, as if being fed by one person. It can\u2019t differentiate between different people, and its worldview consists of one person only. If this person says something is \u201cimmoral,\u201d then turns around and says it\u2019s \u201cmoral,\u201d what should the AI model believe?<\/p>\n\n\n\n

Pitfall #2: Manipulation of response format<\/h3>\n\n\n\n

Aside from manipulating the result of the returned content, the attacker may manipulate the response format, breaking the system or leveraging a vulnerability of an internal parser or a deserialization process.<\/p>\n\n\n\n

For example:<\/p>\n\n\n\n

Decide whether a Tweet\u2019s sentiment is positive, neutral, or negative. return an answer in a JSON format: {\u201csentiment\u201d: Literal[\u201cpositive\u201d, \u201cneutral\u201d, \u201cnegative\u201d]}.<\/em><\/p>\n\n\n\n

Tweet: \u201c[TWEET]\u201d<\/em><\/p>\n\n\n\n

\"Sentiment\"<\/figure>\n\n\n\n

The tweet classifier works as intended, returning response in JSON format.<\/p>\n\n\n\n

\"Return<\/figure>\n\n\n\n

This breaks the tweet classifier.<\/p>\n\n\n\n

Pitfall #3: Manipulation of response content<\/h3>\n\n\n\n

When using LLMs, we can easily \u201cenrich\u201d an interaction with a user, making it feel like they are talking with a human when contacting support or filling some online registration form. For example:<\/p>\n\n\n\n

Bot: \u201cHey! What\u2019s your name and where are you from?\u201d<\/em><\/p>\n\n\n\n

User: \u201c[USER_RESPONSE]\u201d<\/em><\/p>\n\n\n\n

The system will then take the user response and send the request to an LLM to extract the \u201cfirst name,\u201d \u201clast name,\u201d and \u201ccountry\u201d fields.<\/p>\n\n\n\n

Please extract the name, last name and country from the following user input. Return the answer in a JSON format {\u201cname\u201d: Text, \u201clast_name\u201d: Text, \u201ccountry\u201d: Text}:<\/em><\/p>\n\n\n\n

“`[USER_RESPONSE]“`<\/em><\/p>\n\n\n\n

\"Extract\"<\/figure>\n\n\n\n

This parses the user response into a JSON format.<\/p>\n\n\n\n

When a normal user input is passed, it all seems great. But an attacker can pass the following response:<\/p>\n\n\n\n

\"JSON\"<\/figure>\n\n\n\n

ChatGPT Jailbreak\u00b2 with custom SQL Injection generation request.<\/p>\n\n\n\n

While the LLM response is not perfect, it demonstrates a way to generate an SQL injection query which bypasses any WAF protection.<\/b><\/p>\n\n\n\n

Summary<\/h2>\n\n\n\n

Our experiment with ChatGPT has shown that language-based AI tools can be a powerful resource for detecting malicious code. However, it is important to note that these tools are not completely reliable and can be manipulated by attackers.<\/p>\n\n\n\n

LLMs are an exciting technology but it\u2019s important to remember that with the good comes the bad. They are vulnerable to social engineering, and every input from them needs to be verified before it is processed.<\/p>\n\n\n\n

\n\n\n\n

Illustria\u2019s mission is to stop supply chain attacks in the development lifecycle while increasing developer velocity using an Agentless End-to-End Watchdog while enforcing your open-source policy. For more information about us and how to protect yourself, go to illustria.io<\/u><\/a><\/em> and schedule a demo.<\/em><\/p>\n\n\n\n

Members of the Microsoft for Startups Founders Hub get access to a range of cybersecurity resources and support, including access to cybersecurity partners and credits. Startups in the program receive technical support from Microsoft experts to help them build secure and resilient systems, and to ensure that their applications and services are secure and compliant with relevant regulations and standards.<\/em><\/p>\n\n\n\n

For more resources for building your startup and access to the tools that can help you, sign up today for <\/em><\/span>Microsoft for Startups Founders Hub<\/a>.<\/em><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"

Bogdan Kortnov is co-founder & CTO at illustria, a member of the Microsoft for Startups Founders Hub program. To get started with Microsoft for Startups Founders Hub, sign up here. The rise of artificial intelligence has brought about a revolutionary change in various sectors, unlocking a new potential for efficiency, cost savings, and accessibility.<\/p>\n","protected":false},"author":1,"featured_media":1210,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"ms_queue_id":[],"ep_exclude_from_search":false,"_classifai_error":"","_classifai_text_to_speech_error":"","_alt_title":"","ms-ems-related-posts":[],"footnotes":""},"post_tag":[66],"content-type":[202],"job-role":[],"topic":[],"coauthors":[595],"class_list":["post-1192","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","tag-cybersecurity","content-type-startup-stories"],"yoast_head":"\nPitfalls to avoid when using AI to analyze code - Microsoft for Startups Blog<\/title>\n<meta name=\"description\" content=\"The rise of artificial intelligence has brought about a revolutionary change in various sectors, unlocking a new potential for efficiency, cost savings, and accessibility.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/pitfalls-to-avoid-when-using-ai-to-analyze-code\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Pitfalls to avoid when using AI to analyze code - Microsoft for Startups Blog\" \/>\n<meta property=\"og:description\" content=\"The rise of artificial intelligence has brought about a revolutionary change in various sectors, unlocking a new potential for efficiency, cost savings, and accessibility.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/pitfalls-to-avoid-when-using-ai-to-analyze-code\/\" \/>\n<meta property=\"og:site_name\" content=\"Microsoft for Startups Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/Microsoft4Startups\/\" \/>\n<meta property=\"article:published_time\" content=\"2023-04-12T14:01:29+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-06-25T04:52:15+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2023\/04\/Illustria-Quote_Shared_16x9.png\" \/>\n\t<meta property=\"og:image:width\" content=\"2400\" \/>\n\t<meta property=\"og:image:height\" content=\"1256\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Bogdan Kortnov\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@msft4startups\" \/>\n<meta name=\"twitter:site\" content=\"@msft4startups\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Bogdan Kortnov\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"9 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/pitfalls-to-avoid-when-using-ai-to-analyze-code\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/pitfalls-to-avoid-when-using-ai-to-analyze-code\/\"},\"author\":[{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/author\/bogdan-kortnov\/\",\"@type\":\"Person\",\"@name\":\"Bogdan Kortnov\"}],\"headline\":\"Pitfalls to avoid when using AI to analyze code\",\"datePublished\":\"2023-04-12T14:01:29+00:00\",\"dateModified\":\"2025-06-25T04:52:15+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/pitfalls-to-avoid-when-using-ai-to-analyze-code\/\"},\"wordCount\":1399,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/pitfalls-to-avoid-when-using-ai-to-analyze-code\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2023\/04\/GettyImages-1428398496.jpg\",\"keywords\":[\"Cybersecurity\"],\"articleSection\":[\"News\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/pitfalls-to-avoid-when-using-ai-to-analyze-code\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/pitfalls-to-avoid-when-using-ai-to-analyze-code\/\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/pitfalls-to-avoid-when-using-ai-to-analyze-code\/\",\"name\":\"Pitfalls to avoid when using AI to analyze code - Microsoft for Startups Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/pitfalls-to-avoid-when-using-ai-to-analyze-code\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/pitfalls-to-avoid-when-using-ai-to-analyze-code\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2023\/04\/GettyImages-1428398496.jpg\",\"datePublished\":\"2023-04-12T14:01:29+00:00\",\"dateModified\":\"2025-06-25T04:52:15+00:00\",\"description\":\"The rise of artificial intelligence has brought about a revolutionary change in various sectors, unlocking a new potential for efficiency, cost savings, and accessibility.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/pitfalls-to-avoid-when-using-ai-to-analyze-code\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/pitfalls-to-avoid-when-using-ai-to-analyze-code\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/pitfalls-to-avoid-when-using-ai-to-analyze-code\/#primaryimage\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2023\/04\/GettyImages-1428398496.jpg\",\"contentUrl\":\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2023\/04\/GettyImages-1428398496.jpg\",\"width\":960,\"height\":540,\"caption\":\"The rise of artificial intelligence has brought about a revolutionary change in various sectors, unlocking a new potential for efficiency, cost savings, and accessibility.\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/pitfalls-to-avoid-when-using-ai-to-analyze-code\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Pitfalls to avoid when using AI to analyze code\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/#website\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/\",\"name\":\"Microsoft for Startups Blog\",\"description\":\"Startup insight and inspiration\",\"publisher\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/#organization\",\"name\":\"Microsoft for Startups Blog\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2024\/11\/microsoft_logo.webp\",\"contentUrl\":\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2024\/11\/microsoft_logo.webp\",\"width\":512,\"height\":512,\"caption\":\"Microsoft for Startups Blog\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/Microsoft4Startups\/\",\"https:\/\/x.com\/msft4startups\",\"https:\/\/www.linkedin.com\/company\/microsoftforstartups\/\",\"https:\/\/www.instagram.com\/microsoftforstartups\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/#\/schema\/person\/9862db645ef521fe01f69aa6ebae4bb3\",\"name\":\"Microsoft for Startups\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/secure.gravatar.com\/avatar\/fd7fbbb07d33720b1c0702320d9f05a09984d18b5cf0f85565636b7d585c2ea3?s=96&d=microsoft&r=gb7ed5ead504ab0418d1c2fb898e191e7\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/fd7fbbb07d33720b1c0702320d9f05a09984d18b5cf0f85565636b7d585c2ea3?s=96&d=microsoft&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/fd7fbbb07d33720b1c0702320d9f05a09984d18b5cf0f85565636b7d585c2ea3?s=96&d=microsoft&r=g\",\"caption\":\"Microsoft for Startups\"},\"sameAs\":[\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\"],\"url\":\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/author\/msftstartups\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Pitfalls to avoid when using AI to analyze code - Microsoft for Startups Blog","description":"The rise of artificial intelligence has brought about a revolutionary change in various sectors, unlocking a new potential for efficiency, cost savings, and accessibility.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/pitfalls-to-avoid-when-using-ai-to-analyze-code\/","og_locale":"en_US","og_type":"article","og_title":"Pitfalls to avoid when using AI to analyze code - Microsoft for Startups Blog","og_description":"The rise of artificial intelligence has brought about a revolutionary change in various sectors, unlocking a new potential for efficiency, cost savings, and accessibility.","og_url":"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/pitfalls-to-avoid-when-using-ai-to-analyze-code\/","og_site_name":"Microsoft for Startups Blog","article_publisher":"https:\/\/www.facebook.com\/Microsoft4Startups\/","article_published_time":"2023-04-12T14:01:29+00:00","article_modified_time":"2025-06-25T04:52:15+00:00","og_image":[{"width":2400,"height":1256,"url":"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2023\/04\/Illustria-Quote_Shared_16x9.png","type":"image\/png"}],"author":"Bogdan Kortnov","twitter_card":"summary_large_image","twitter_creator":"@msft4startups","twitter_site":"@msft4startups","twitter_misc":{"Written by":"Bogdan Kortnov","Est. reading time":"9 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/pitfalls-to-avoid-when-using-ai-to-analyze-code\/#article","isPartOf":{"@id":"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/pitfalls-to-avoid-when-using-ai-to-analyze-code\/"},"author":[{"@id":"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/author\/bogdan-kortnov\/","@type":"Person","@name":"Bogdan Kortnov"}],"headline":"Pitfalls to avoid when using AI to analyze code","datePublished":"2023-04-12T14:01:29+00:00","dateModified":"2025-06-25T04:52:15+00:00","mainEntityOfPage":{"@id":"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/pitfalls-to-avoid-when-using-ai-to-analyze-code\/"},"wordCount":1399,"commentCount":0,"publisher":{"@id":"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/#organization"},"image":{"@id":"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/pitfalls-to-avoid-when-using-ai-to-analyze-code\/#primaryimage"},"thumbnailUrl":"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2023\/04\/GettyImages-1428398496.jpg","keywords":["Cybersecurity"],"articleSection":["News"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.microsoft.com\/en-us\/startups\/blog\/pitfalls-to-avoid-when-using-ai-to-analyze-code\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/pitfalls-to-avoid-when-using-ai-to-analyze-code\/","url":"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/pitfalls-to-avoid-when-using-ai-to-analyze-code\/","name":"Pitfalls to avoid when using AI to analyze code - Microsoft for Startups Blog","isPartOf":{"@id":"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/pitfalls-to-avoid-when-using-ai-to-analyze-code\/#primaryimage"},"image":{"@id":"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/pitfalls-to-avoid-when-using-ai-to-analyze-code\/#primaryimage"},"thumbnailUrl":"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2023\/04\/GettyImages-1428398496.jpg","datePublished":"2023-04-12T14:01:29+00:00","dateModified":"2025-06-25T04:52:15+00:00","description":"The rise of artificial intelligence has brought about a revolutionary change in various sectors, unlocking a new potential for efficiency, cost savings, and accessibility.","breadcrumb":{"@id":"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/pitfalls-to-avoid-when-using-ai-to-analyze-code\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.microsoft.com\/en-us\/startups\/blog\/pitfalls-to-avoid-when-using-ai-to-analyze-code\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/pitfalls-to-avoid-when-using-ai-to-analyze-code\/#primaryimage","url":"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2023\/04\/GettyImages-1428398496.jpg","contentUrl":"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2023\/04\/GettyImages-1428398496.jpg","width":960,"height":540,"caption":"The rise of artificial intelligence has brought about a revolutionary change in various sectors, unlocking a new potential for efficiency, cost savings, and accessibility."},{"@type":"BreadcrumbList","@id":"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/pitfalls-to-avoid-when-using-ai-to-analyze-code\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/"},{"@type":"ListItem","position":2,"name":"Pitfalls to avoid when using AI to analyze code"}]},{"@type":"WebSite","@id":"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/#website","url":"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/","name":"Microsoft for Startups Blog","description":"Startup insight and inspiration","publisher":{"@id":"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/#organization","name":"Microsoft for Startups Blog","url":"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2024\/11\/microsoft_logo.webp","contentUrl":"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2024\/11\/microsoft_logo.webp","width":512,"height":512,"caption":"Microsoft for Startups Blog"},"image":{"@id":"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/Microsoft4Startups\/","https:\/\/x.com\/msft4startups","https:\/\/www.linkedin.com\/company\/microsoftforstartups\/","https:\/\/www.instagram.com\/microsoftforstartups\/"]},{"@type":"Person","@id":"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/#\/schema\/person\/9862db645ef521fe01f69aa6ebae4bb3","name":"Microsoft for Startups","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/fd7fbbb07d33720b1c0702320d9f05a09984d18b5cf0f85565636b7d585c2ea3?s=96&d=microsoft&r=gb7ed5ead504ab0418d1c2fb898e191e7","url":"https:\/\/secure.gravatar.com\/avatar\/fd7fbbb07d33720b1c0702320d9f05a09984d18b5cf0f85565636b7d585c2ea3?s=96&d=microsoft&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/fd7fbbb07d33720b1c0702320d9f05a09984d18b5cf0f85565636b7d585c2ea3?s=96&d=microsoft&r=g","caption":"Microsoft for Startups"},"sameAs":["https:\/\/www.microsoft.com\/en-us\/startups\/blog"],"url":"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/author\/msftstartups\/"}]}},"bloginabox_animated_featured_image":null,"bloginabox_display_generated_audio":false,"_links":{"self":[{"href":"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-json\/wp\/v2\/posts\/1192","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-json\/wp\/v2\/comments?post=1192"}],"version-history":[{"count":2,"href":"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-json\/wp\/v2\/posts\/1192\/revisions"}],"predecessor-version":[{"id":2558,"href":"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-json\/wp\/v2\/posts\/1192\/revisions\/2558"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-json\/wp\/v2\/media\/1210"}],"wp:attachment":[{"href":"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-json\/wp\/v2\/media?parent=1192"}],"wp:term":[{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-json\/wp\/v2\/post_tag?post=1192"},{"taxonomy":"content-type","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-json\/wp\/v2\/content-type?post=1192"},{"taxonomy":"job-role","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-json\/wp\/v2\/job-role?post=1192"},{"taxonomy":"topic","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-json\/wp\/v2\/topic?post=1192"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-json\/wp\/v2\/coauthors?post=1192"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}