Ensuring Code Quality and Security in AI assisted Software Engineering

Access expert-led QA training live online, wherever you learn best.

Overview

We believe AI-assisted development is transforming how organisations build software, but without the right controls it introduces quality risks and security vulnerabilities. This course equips learners to use AI tools effectively while maintaining ownership of code quality, security, and compliance.

Learners will explore common failure patterns in AI-generated code, including hallucinated APIs, hidden complexity, and missing edge cases. Through hands-on labs and scenario-based exercises, they will apply testing, static analysis, and secure coding practices to real-world challenges. The course also addresses governance, intellectual property, and responsible AI use, ensuring learners can apply skills safely within organisational policies.

By the end of the day, learners will be able to critically assess AI-generated outputs, reinforce them with robust engineering practices, and confidently integrate AI into modern software development workflows.

Prerequisites

Participants should have:

  • Experience writing code in at least one programming language
  • Familiarity with software development practices such as version control and testing
  • Basic understanding of application security concepts
  • Awareness of AI-assisted tools such as GitHub Copilot or similar

Target audience

This course is designed for:

  • Software developers and engineers using or adopting AI-assisted coding tools
  • Technical leads responsible for code quality and security standards
  • DevOps and platform engineers integrating automation into development workflows
  • Organisations adopting AI in software development as part of a wider transformation pathway

Objectives

By the end of this course, learners will be able to:

  • Use AI-assisted development tools while maintaining accountability for code quality and security
  • Identify common defects and risks in AI-generated code, including logical errors and insecure patterns
  • Apply testing strategies, static analysis, and automated quality checks to AI-assisted workflows
  • Detect and remediate security vulnerabilities aligned to OWASP Top 10 risks
  • Refactor AI-generated code to improve maintainability, performance, and robustness
  • Evaluate when AI-generated outputs can be trusted and when additional validation is required
  • Contribute to organisational governance frameworks for responsible AI-assisted development

Outline

Kick off and AI landscape

  • Overview of AI-assisted development tools and capabilities
  • Demonstration of model comparison tools and prompting approaches
  • Productivity gains versus quality and security trade-offs
  • Group discussion on current AI usage in development workflows
  • Lab: evaluating AI-generated code quality
      • Analyse AI-generated outputs against a structured checklist
      • Identify correctness, maintainability, and security issues
      • Annotate and prioritise findings based on risk

Challenge exercise: task management API

  • Generate a task manager with dependencies and scheduling logic
  • Detect circular dependencies and resource conflicts
  • Evaluate implementation against business requirements
  • Apply structured code review techniques

Understanding AI quality pitfalls

  • Common failure patterns in AI-generated code
      • Hallucinated APIs and incorrect assumptions
      • Hidden complexity and over-engineering
      • Missing edge cases and inconsistent logic
  • Maintaining coding standards across human and AI contributions
  • Integrating linters, formatters, and automated code review tools
  • Discussion on pull request and review practices

Lab: testing and refactoring AI code

  • Generate and execute AI-created unit tests
  • Identify gaps in test coverage and missing scenarios
  • Validate behaviour across edge cases such as invalid inputs and concurrency
  • Refactor code for clarity, modularity, and maintainability
  • Implement logging, error handling, and performance improvements

Challenge exercise: e-commerce pricing engine

  • Build pricing logic with discounts, tax, and promotions
  • Identify issues such as incorrect calculations and edge cases
  • Improve test coverage and ensure deterministic outcomes
  • Apply static analysis and quality gates

Security in AI-assisted development

  • Introduction to OWASP Top 10 risks in AI-generated code
  • Common vulnerabilities in authentication, data handling, and APIs
  • Security scanning and dependency analysis tools
  • Aligning secure coding practices with AI workflows

Lab: spot and fix vulnerabilities

  • Analyse an AI-generated user management system
  • Identify vulnerabilities including:
      • Broken access control
      • Weak cryptographic practices
      • Injection flaws
      • Authentication weaknesses
  • Compare manual review with automated security tool outputs
  • Implement secure coding fixes
      • Parameterised queries
      • Strong password hashing
      • Input validation and sanitisation
      • Secure token handling

Security testing and validation

  • Create test cases to simulate attacks
  • Perform basic penetration testing scenarios
  • Validate fixes against security requirements

Advanced exercise: multi-factor authentication

  • Extend system with secure authentication mechanisms
  • Address edge cases and timing attack risks
  • Ensure usability and security balance

Governance, IP and compliance

  • Code provenance and AI-generated content considerations
  • Licensing risks and intellectual property concerns
  • Data protection and organisational AI policies
  • Establishing responsible AI development practices

Group exercise: responsible AI coding policy

  • Define organisational standards for AI tool usage
  • Create policies covering:
      • Tool selection and approval
      • Code attribution and IP protection
      • Quality and security gates
      • Developer training and competency
      • Incident response and audit processes

Industry scenario workshops

  • Financial services, healthcare, government, and retail contexts
  • Identify regulatory and compliance requirements
  • Balance productivity with risk management

Policy presentation and synthesis

  • Present and critique team policies
  • Consolidate best practices
  • Define implementation roadmap and success metrics

Wrap up and key takeaways

  • Reinforce critical evaluation of AI-generated code
  • Align learning to real-world application
  • Define next steps within the AI in software development pathway

Exams and assessments

There are no formal exams included in this course. Learners will be assessed through practical labs, group exercises, and instructor-led discussions. These activities are designed to validate understanding and ensure learners can apply concepts in real-world scenarios.

Hands-on learning

This course includes:

  • Scenario-based labs using AI-generated code
  • Real-world exercises focused on quality and security challenges
  • Instructor-guided refactoring and secure coding practices
  • Collaborative group workshops to apply governance frameworks
