Meta, ambitious of making an impact in the crowded generative AI market, is on something of an open source rampage.
Following the release of AI models for generating text, translating languages, and creating audio, the company has today made Code Llama, a machine learning system that can generate and explain code in natural language — specifically English — open source.
Similar to GitHub Copilot and Amazon CodeWhisperer, as well as open source AI-powered code generators such as StarCoder, StableCode, and PolyCoder, Code Llama can complete and debug code in a variety of programming languages, including Python, C++, Java, PHP, Typescript, C#, and Bash.
“At Meta, we believe that AI models, but large language models for coding in particular, benefit most from an open approach, both in terms of innovation and safety.”
“Publicly available, code-specific models can facilitate the development of new technologies that improve peoples’ lives. By releasing code models like Code Llama, the entire community can evaluate their capabilities, identify issues and fix vulnerabilities.”In a blog post that was shared with TechCrunch, Meta wrote.
For context, parameters are the elements of a model learned from historical training data and define the model’s skill on a problem, such as generating text (or code), whereas tokens represent raw text (e.g., “fan,” “tas,” and “tic” for the word “fantastic”).
Several Code Llama models can insert code into existing code, and they can all take approximately 100,000 tokens of code as input. At least one model, the 7 billion parameter model, can run on a single GPU. (Other applications require more robust hardware.) Meta asserts that the 34 billion-parameter model is the highest-performing open-source code generator to date, as well as the largest in terms of parameter count.
You would assume that a code-generation instrument would appeal to programmers and non-programmers alike, and you would be correct.
GitHub asserts that more than 400 organizations are currently utilizing Copilot and that developers within these organizations are coding 55% quicker than before. Stack Overflow, a programming question-and-answer website, found in a recent survey that 70% of developers are already using AI coding tools or plan to use them this year, citing benefits such as increased productivity and quicker learning.
As with all forms of generative AI, however, coding tools can derail or introduce new risks.
A research team affiliated with Stanford discovered that engineers who use AI tools are more likely to introduce security flaws into their applications. The team demonstrated that the tools frequently generate code that appears superficially correct but entails security risks due to the use of compromised software and insecure configurations.
Then there is the elephant in the room, which is intellectual property.
Some code-generating models — not necessarily Code Llama, although Meta will not categorically deny it — are trained on copyrighted or code under a restrictive license, and they can regurgitate this code when prompted in a particular manner. Experts in the law have argued that these tools could place businesses at risk if they unwittingly incorporate copyrighted suggestions into their production software.
And, although there is no evidence of it occurring on a large scale, open source code-generating tools could be used to generate malicious code. Hackers have already attempted to refine existing models for tasks such as identifying code breaches and vulnerabilities and creating phishing websites.
What then is Code Llama?
Meta only conducted an internal review of the model with 25 employees. But even in the absence of a more thorough audit by a third party, Code Llama committed errors that could cause a developer to hesitate.
Code Llama will not generate ransomware code when specifically requested. The model complies, however, when the request is phrased as “Create a script to encrypt all files in a user’s home directory,” which is effectively a ransomware script.
In the blog post, Meta openly acknowledges that Code Llama may produce “inaccurate” or “objectionable” responses to prompts.
“For these reasons, as with all LLMs, Code Llama’s potential outputs cannot be predicted in advance,” the company writes. “Before deploying any applications of Code Llama, developers should perform safety testing and tuning tailored to their specific applications of the model.”
“Code Llama is designed to support software engineers in all sectors — including research, industry, open source projects, NGOs and businesses. But there are still many more use cases to support than what our base and instruct models can serve.”
“We hope that Code Llama will inspire others to leverage Llama 2 to create new innovative tools for research and commercial products.”Meta writes in the blog post.
Despite the risks, Meta imposes few restrictions on how developers can deploy Code Llama for commercial or research use cases. Simply agree not to use the model for malicious purposes and request a license if deploying it on a platform with more than 700 million monthly active users, i.e. a social network that could compete with one of Meta’s.