Author: Laura Hernández
As coding tools continue to evolve, so does the way that users code. Throughout the years, there has been an effort to make the process of coding more automatic and accessible to non-programmers. Early efforts included visual programming environments, integrated development environments (IDEs) with syntax highlighting and auto completion, and later low-code/no-code platforms. Although helpful, these tools often lacked the flexibility, scalability and adaptability needed for complex programming tasks.
The rise of generative AI, particularly in the form of large language models (LLMs), and the availability of huge common online repositories of existing code, has paved the way for a new class of solutions called coding assistants - LLM-based[i] systems that are fine-tuned to solve coding tasks. Coding assistants allow users with different levels of coding experience to generate code using natural language instructions. This means that users can provide instructions such as “Write a JavaScript function that validates whether an input value is a valid email address” or “Explain what this piece of code does in simple terms”.
When a developer provides input, whether natural language instructions, comments or partial code, the assistant processes both the request and the surrounding code to infer the most relevant solution using the same underlying mechanisms as an LLM. It then generates suggestions ranging from autocompleting a line or block of code to offering bug fixes, possible optimisations or explanations of complex snippets.
This interactive process allows developers to iteratively accept, refine or reject suggestions, effectively creating a collaborative workflow between humans and AI systems. As a result, coding assistants not only accelerate software development but can also make coding more accessible to non-programmers.
Beyond individual productivity, these tools can influence team workflows and support rapid prototyping,[ii] but their effectiveness may vary depending on the complexity of projects, and they do not fully replace the need for human expertise and careful software engineering practices.[iii]
Market size for generative AI coding assistants: estimated at USD 18.7 million in 2023, expected to grow to USD 92.5 million by 2030, reflecting a CAGR of 25.9% from 2024 to 2030.[iv]
Trend developments
The software industry continues to adopt coding assistants at a rapid and increasing pace. Cursor, a popular coding assistant tool, reported 1 million daily users in March 2025,[v] and many companies are now acknowledging the use of these tools for powering their coding infrastructure. For instance, Microsoft’s CEO reported in April 2025 that around 20-30% of their code is now produced with coding assistants.[vi] Google similarly disclosed the previous year that around a quarter of their code was written with them,[vii] and Meta’s CEO Mark Zuckerberg offered a forward-looking estimate: in the next year, about half of Meta’s software development could be handled by AI.
While certain coding tasks might still require expertise in a specific business and in established best practices, other areas might not. In particular, the entertainment or the creative industry, in the form of games, apps and websites, might benefit from tools that empower non-developers to contribute new products and approaches.
The open-source community might also see significant growth, as more individuals gain the ability to customise existing applications to meet their personal or organisational needs. This trend could contribute to a more balanced and diverse software ecosystem by lowering the barrier to meaningful participation in software development.
Potential impact on individuals
The widespread availability of coding assistants may democratise software development by allowing users without coding experience to create software.
However, this democratisation can have unexpected consequences in the domain of data protection. As more non-experts gain the ability to build applications, websites, and other digital infrastructure, they may inadvertently disperse the processing of personal data across various online platforms and third-party services.
This may occur if coding assistants integrate with external functionalities (for instance, file storage in the cloud, online databases or chatbots) without clearly communicating how personal data is handled by those third-party platforms. As a result, data processing may be spread across multiple entities, including data processors unknown to the application providers.
Such a scenario raises significant concerns. Application providers may fail to properly inform users about how and by whom their data is processed, leading to a lack of transparency. In cases where the application provider also acts as the data controller - such as when hosting an online service - they may be unable to uphold users’ data protection rights if external platforms do not offer adequate mechanisms for managing personal data. In some cases, providers may not even realise that they are processing personal data when making an application available.
Coding assistants are frequently examined through the lens of the security risks they may introduce in the code they generate. There is a risk that these systems may suggest code that is vulnerable to issues such as SQL injection, improper input validation[viii] or insecure authentication flows. Similarly, coding assistants might recommend third-party libraries or APIs that contain unpatched vulnerabilities. Several incidents have already been reported in which coding assistants were compromised by attackers to inject malicious code.[ix],[x]
In this context, human oversight remains essential - particularly for tasks involving sensitive data or critical infrastructure.
In addition to these risks, coding assistants may overlook critical security requirements or best practices specific to the application’s context - such as encryption standards, secure communication protocols or access control policies. If such vulnerabilities are exploited, malicious actors could compromise, manipulate or gain unauthorised access to the user’s application or data.[xi]
To mitigate these risks, organisations should implement processes that encourage thorough code review and validation. This includes providing users with appropriate training and allocating sufficient time for reviewing and debugging the assistant’s output before deployment.[xii]
Coding assistants promise to make the development of systems faster and more accessible. As a result, the proliferation of digital services and data-processing operations is likely to intensify, with many potentially lacking adequate controls or compliance measures.
This could result in a surge of applications with code vulnerabilities that can be exploited to process personal data without proper safeguards, or to enable unlawful processing by third parties who gain access to personal data through those vulnerabilities, multiplying the risks of misuse, mismanagement and data breaches. System providers must remain aware that, while coding assistants may reduce the effort required to develop applications, they do not replace the need for accountability, which remains the provider’s responsibility.
Suggestions for further reading
- Sergeyuk, A., Golubev, Y., Bryksin, T., & Ahmed, I. (2025). Using AI-based coding assistants in practice: State of affairs, perceptions, and ways forward. Information and Software Technology, 178, 107610.
- Campbell, M. (2020). Automated coding: The quest to develop programs that write programs. Computer, 53(2), 80-82.
- Yan, S., Wang, S., Duan, Y., Hong, H., Lee, K., Kim, D., & Hong, Y. (2024). An LLM-Assisted Easy-to-Trigger Backdoor Attack on Code Completion Models: Injecting Disguised Vulnerabilities against Strong Detection. 33rd USENIX Security Symposium, 1795-1812. Philadelphia, PA, USA.
- Mohamed, A., Assi, M., & Guizani, M. (2025). The Impact of LLM-Assistants on Software Developer Productivity: A Systematic Literature Review. arXiv preprint arXiv:2507.03156.
[i] Fine-tuning an LLM consists of enhancing and refining an existing pre-trained LLM system with data from a specific domain. In the case of coding assistants, this data is related to coding in multiple programming languages, and it usually consists of open-source code available on repository managers such as GitHub, or code produced to answer queries in Q&A forums like StackOverflow.
[ii] Prototyping is the process of creating an early, simplified version of a product, system, or feature to explore ideas, test functionality and gather feedback before developing the final version. In software development, a prototype can range from a basic mock-up (visual representation) of the user interface to a working model of certain functions.
[iii] See The productivity paradox of AI coding assistants, published by Lisa Dziuba on September 12, 2025, available at: https://www.cerbos.dev/blog/productivity-paradox-of-ai-coding-assistants
[iv] Generative AI Coding Assistants Market Size, Share & Trends Analysis Report By Function (Debugging & Error Detection, Code Explanation), By Deployment (Cloud, On-premises), By Application, By Region, And Segment Forecasts, 2024 - 2030, https://www.grandviewresearch.com/industry-analysis/generative-ai-coding-assistants-market-report
[v] R. Metz, “AI Coding Assistant Cursor Draws a Million Users Without Even Trying,” Bloomberg, 7 April 2025. [Online]. Available: https://www.bloomberg.com/news/articles/2025-04-07/cursor-an-ai-coding-assistant-draws-a-million-users-without-even-trying [Accessed 2 September 2025]
[vi] T. Warren, “Up to 30 percent of some Microsoft code is now written by AI,” The Verge, 30 April 2025. [Online]. Available: https://www.theverge.com/news/658584/up-to-30-percent-of-some-microsoft-code-is-now-written-by-ai [Accessed 9 September 2025]
[vii] J. Peters, “More than a quarter of new code at Google is generated by AI,” The Verge, 24 October 2024. [Online]. Available: https://www.theverge.com/2024/10/29/24282757/google-new-code-generated-ai-q3-2024 [Accessed 3 September 2025]
[viii] Improper input validation occurs when an input from a user is not appropriately checked for security vulnerabilities. SQL injection is an instance of improper input validation where an SQL line of code is accepted into a database through a user’s input, and the SQL code runs a command that instructs an undesired modification of the database, such as its deletion.
[ix] G. Baran, “Hackers Injected Destructive System Commands in Amazon’s AI Coding Agent,” Cyber Security News, 25 July 2025. [Online]. Available: https://cybersecuritynews.com/amazons-ai-coding-agent-exploited [Accessed 3 September 2025].
[x] S. Sharwood, “Vibe coding service Replit deleted user’s production database, faked data, told fibs galore,” The Register, 21 July 2025. [Online]. Available: https://www.theregister.com/2025/07/21/replit_saastr_vibe_coding_incident [Accessed 4 September 2025].
[xi] The website AI Coding Horrors compiles anecdotes of people’s bad experiences using LLMs for coding, mostly related to security vulnerabilities or unexpected data deletions, https://aicodinghorrors.com [Accessed 3 September 2025].
[xii] For a discussion on best practices for organisations leveraging human oversight of AI systems, see the last issue of the EDPS Tech Dispatch on human oversight of automated decision-making systems. https://www.edps.europa.eu/data-protection/our-work/publications/techdispatch/2025-09-23-techdispatch-22025-human-oversight-automated-making_en.