Sonar today provides a service that promises to improve the quality of the code generated by large language models by significantly reducing the number of security vulnerabilities and bugs created.
Designed to be used by organizations that are training artificial intelligence (AI) models, SonarSweep discovers issues in code; that data can then be used to retrain an AI model to identify and eliminate the same classes of issues.
Harry Wang, chief growth officer for Sonar, said that approach can reduce the number of cybersecurity vulnerabilities and the number of bugs created by as much as 67% and 42%, respectively.
Beyond the providers of foundational models, it’s not clear how many organizations are distilling their own AI models to write code, but as AI continues to evolve, there will soon be many more smaller language models that will be trained using code that has been vetted by an internal application development team.
Currently, the quality of the code generated by LLMs can vary widely. Most of them have been trained on examples of code that often contain vulnerabilities and bugs, and those flaws are then reproduced, unpredictably, in the code generated by an AI tool. DevSecOps teams are then tasked with reviewing that code to eliminate these issues before it is deployed in a production environment. However, as more code is generated by AI coding tools, the volume of vulnerabilities and bugs that need to be discovered and remediated can quickly become overwhelming.
SonarSweep addresses that issue by systematically applying reinforcement techniques to remediate, optimize, and secure coding datasets used to train models, said Wang.
That capability also significantly reduces the total cost of training AI models because organizations will be able to use earlier versions of LLMs versus, for example, using a ChatGPT 5 model that, while improving the quality of the code generated, also generates more complex code, noted Wang.
The SonarSweep service itself is based on an AI code review platform the company developed that is already being used to analyze 750 billion lines of code each day for more than seven million developers who build applications for more than 400,000 organizations, including Barclays, MasterCard and T-Mobile. Sonar already supports more than 35 programming languages, which SonarSweep will be extended to support as the service continues to evolve, said Wang.
Hopefully, the quality of the code being generated by AI coding tools will substantially improve in the months and years ahead as foundational AI models continue to improve. In the meantime, each DevOps team will need to evaluate the degree to which it might make financial sense to build its own smaller language model for specific use cases in, for example, a vertical industry sector. While the cost of building and maintaining those models can be significant, larger enterprise IT organizations clearly have the resources to build AI models that they can employ to generate code with greater confidence, noted Wang.
Regardless of approach, the one thing that is clear at this point is that AI tools that generate more flawed code than ever are quickly becoming too much of a potentially good thing.