We conduct the first large-scale user study examining how users interact with
an AI Code assistant to solve a variety of security related tasks across
different programming languages. Overall, we find that participants who had
access to an AI assistant based on OpenAI's codex-davinci-002 model wrote
significantly less secure code than those without access. Additionally,
participants with access to an AI assistant were more likely to believe they
wrote secure code than those without access to the AI assistant. Furthermore,
we find that participants who trusted the AI less and engaged more with the
language and format of their prompts (e.g. re-phrasing, adjusting temperature)
provided code with fewer security vulnerabilities. Finally, in order to better
inform the design of future AI-based Code assistants, we provide an in-depth
analysis of participants' language and interaction behavior, as well as release
our user interface as an instrument to conduct similar studies in the future.Comment: 18 pages, 16 figure