惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

www.infosecurity-magazine.com
www.infosecurity-magazine.com
月光博客
月光博客
IT之家
IT之家
博客园 - Franky
大猫的无限游戏
大猫的无限游戏
博客园 - 【当耐特】
Recorded Future
Recorded Future
罗磊的独立博客
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
T
Tailwind CSS Blog
Apple Machine Learning Research
Apple Machine Learning Research
博客园 - 聂微东
Last Week in AI
Last Week in AI
S
Schneier on Security
Google DeepMind News
Google DeepMind News
C
CERT Recently Published Vulnerability Notes
NISL@THU
NISL@THU
AWS News Blog
AWS News Blog
D
Docker
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
酷 壳 – CoolShell
酷 壳 – CoolShell
博客园 - 叶小钗
Spread Privacy
Spread Privacy
The GitHub Blog
The GitHub Blog
MongoDB | Blog
MongoDB | Blog
P
Palo Alto Networks Blog
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
V
V2EX
T
Tenable Blog
A
Arctic Wolf
C
Cisco Blogs
S
SegmentFault 最新的问题
T
The Exploit Database - CXSecurity.com
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
Martin Fowler
Martin Fowler
G
GRAHAM CLULEY
The Register - Security
The Register - Security
Project Zero
Project Zero
H
Hackread – Cybersecurity News, Data Breaches, AI and More
Latest news
Latest news
J
Java Code Geeks
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
T
Threatpost
L
LangChain Blog
D
Darknet – Hacking Tools, Hacker News & Cyber Security
腾讯CDC
I
Intezer
Schneier on Security
Schneier on Security
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org

Stack Overflow Blog

Paging Charity! How can engineering leaders avoid becoming Bond villains? Code isn’t the only thing causing your production failures Your AI shipped a backend that boots. That is the whole problem. The 2026 Developer Survey is now open (for human developers only)! Oh the places you’ll go with spatial data Dispatches from O'Reilly: From capabilities to responsibilities You don’t understand DNS like you think you do The new bottleneck - Stack Overflow AI agents are a confused deputy with the keys to your kingdom If context is king, architecture is the castle Selenium vs Cypress vs Playwright: Choosing Your Test Automation Framework AI agents expose the security checks you never actually wrote Designing CherryScript: Optimizing Data-Driven Workflows via Custom Python-Based Interpreters Paging Charity? How do I get my leaders to stop running teams Into the ground? Developers are emotionally attached to their tools When the cost of code approaches zero, what does engineering leadership look like? Announcing Stack Overflow for Agents Creating checkpoints by gaslighting a Postgres database What can 500 years of journalism teach developers about AI trustworthiness? Making the OWASP top ten in the vibe code era What it takes to be a player in the international AI game Best of the Heap: First post of the past The find out stage of AI is just supply chain and password protection In an AI world, the most valuable developers will be both artisans and builders Agents on a leash: Agentic AI remains mostly single-agent and monitored at work Do you have what it takes to run AI in production? Dispatches from O'Reilly: The accidental orchestrator Breaking your AI storage bottlenecks Coding agents are giving everyone decision fatigue Pack your agentic stack in Slack Your fridge could be a threat to national security Interviews aren’t about you (sorry) “You can't vibe code scale”: What the AI hype gets wrong about software engineering No Dumb Questions: What is cloud computing and why is everyone doing it? Observability and human intuition in an AI world How Braze’s CTO is rethinking engineering for the agentic area You shipped it fast. But did you ship it right? Building a Google Drive Sync Engine that Survives MV3 Service Workers Connecting the dots for accurate AI When the Sensor Starts Thinking: SnortML, Agentic AI, and the Evolving Architecture of Intrusion Detection OAuth 2.0 – Device flow explained for Engineers, especially for Backend Engineers Introducing the Heap, the software engineering blog for everyone Compile-Time Map and Compile-Time Mutable Variable with C++26 Reflection No Dumb Questions: What is an MCP server and why do I care? AI giveth and AI taketh CPU How we replaced Ingress-NGINX at Stack Overflow What (un)exactly do you mean by semantic search? Dispatches from O'Reilly: Fast paths and slow paths Time is a construct but it can still break your software The Worst Coder in the World goes agentic: building a leaderboard cracking AI Turning scattered knowledge into trusted intelligence: Stack Internal 2026.3 Your LLM issues are really data issues Welcome to the “find out” stage of AI Lights, camera, open source! - Stack Overflow Black box AI drift: AI tools are making design decisions nobody asked for How to get multiple agents to play nice at scale We still need developer communities No country left behind with sovereign AI Human input needed: take our survey on AI agents Why AI hasn't replaced human expertise—and what that means for your SaaS stack Who needs VCs when you have friends like these? The messy truth of your AI strategies Gen Z needs a knowledge base (and so do you) He designed C++ to solve your code problems Seizing the means of messenger production What the AI trust gap means for enterprise SaaS How can you test your code when you don’t know what’s in it? Prevent agentic identity theft - Stack Overflow Building shared coding guidelines for AI (and people too) Multi-stage attacks are the Final Fantasy bosses of security After all the hype, was 2025 really the year of AI agents? AI is becoming a second brain at the expense of your first one Building a global engineering team (plus AI agents) with Netlify Keeping the lights on for open source Domain expertise still wanted: the latest trends in AI-assisted knowledge for developers Open source for awkward robots The context problem: Why enterprise AI needs more than foundation models Even the chip makers are making LLMs Organizing productive platform teams - Stack Overflow Building brains for bulldozers - Stack Overflow DeveloperWeek 2026: Making AI tools that are actually good AI-assisted coding needs more than vibes; it needs containers and sandboxes No need for Ctrl+C when you have MCP What’s new at Stack Overflow: March 2026 To live in an AI world, knowing is half the battle Beyond block or allow: How pay-per-crawl is reshaping public data monetization Your sneak peek at the redesigned Stack Overflow Dogfood so nutritious it’s building the future of SDLCs Defense against uploads: Q&A with OSS file scanner, pompelmi Even GenAI uses Wikipedia as a source Why Stack Overflow and Cloudflare launched a pay-per-crawl model Data is the new oil, and your database is the only way to extract it Even your voice is a data problem How everyone and anyone can use AI for good Is anyone using AI for good? The logos, ethos, and pathos of your LLMs Why demand for code is infinite: How AI creates more developer jobs AI attention span so good it shouldn’t be legal Code smells for AI agents: Q&A with Eno Reyes of Factory Generating text with diffusion (and ROI with LLMs)
Mind the gap: Closing the AI trust gap for developers
2026-02-18 · via Stack Overflow Blog

Stack Overflow’s 2025 developer survey revealed a puzzle: Developers’ use of AI rose, with more than 84% of respondents using or planning to use AI tools in 2025. But their trust in those tools dropped sharply: Only 29% of 2025 respondents said they trust AI, down 11 percentage points from 2024.

At the risk of stating the obvious, the trustworthiness of a tool is important. Trust determines whether organizations can realize the productivity, scalability, and innovation potential of AI. It impacts whether AI-generated code makes it to production or needs to be rewritten by humans. It affects whether organizations scale AI adoption or keep it confined to low-stakes experiments. And it influences whether the next generation of developers learns to work effectively with AI or not.

To be clear, when we talk about trust, we mean confidence that AI outputs are accurate, reliable, and rooted in relevant context. Developer trust is synonymous with a willingness to deploy AI-generated code to production systems with minimal human review, as well as assurance that AI tools aren’t introducing unacceptable risks and technical debt that will burden you down the line.

The gap between usage and trust spotlighted by our survey reveals something important about this moment in software development. Developers are neither reflexively change-resistant nor overly eager to integrate AI into their workflows without first ensuring that it adds value. They're professionals trying to navigate a paradigm shift that calls into question core aspects of how they've been trained to think about their work.

For everyone involved in building software, it’s important to understand why this gap exists, what it reveals about the culture and practice of software development, and how we might close it. Let's get into it.

Stack Overflow has been tracking developer sentiment around AI since 2023, asking consistent questions to illuminate how developers’ attitudes are evolving over time.

In 2023, roughly 70% of developers reported using or planning to use AI tools. Trust levels hovered around 40%: not great, but understandable for a new category of tech. In 2025, we saw usage rise to 84% even as trust dropped to 29%, a counterintuitive dip in trustworthiness that correlates with higher adoption rates.

A typical technology adoption curve shows the opposite relationship. Familiarity breeds confidence. You learn the scope and quirks of a piece of tech; develop best practices; understand through experience what it can and can’t do. But the more devs use AI, it seems, the less they trust it. What’s going on here?

Part of the answer lies in who software developers are at the population level. Software engineers are trained for deterministic thinking: write the same code twice, get the same result twice. Their professional identity hinges on craftsmanship, on elegant solutions written to solve hard problems. Approaching AI coding tools from that perspective, developers are primed to note every inconsistency, every failure, every instance when the tool falls short of the high standards they’ve set for themselves.

Developers are trained to think in terms of reproducible outcomes. They write a function, they test it, and it behaves predictably. Same input, same output. There's something deeply satisfying about this: "I'm going to do this; as a result, I'm going to get that." It's dependable and easily comprehensible, like following a recipe that reliably produces a delicious meal. It's what makes the field software engineering rather than software hoping-for-the-best.

Fundamentally, AI operates on different principles. It's probabilistic rather than deterministic, meaning that if you ask the same question twice, you’ll probably get two different answers. Both are potentially correct, but they might be structured differently, using different approaches, making different tradeoffs. There's no single "right" output; just a distribution of possibilities weighted by probability.

Many devs find this jarring because it violates their foundational expectations about how coding tools should work. Working effectively with AI requires accepting variability as an inherent feature of the system. This can be a major mental shift for developers trained to prioritize precision and reproducibility.

Instead of assessing whether AI is “better” or “worse” than conventional coding practices, we should acknowledge that it’s different in significant ways that create cognitive friction. Understanding and adjusting to those differences takes time, and during that adjustment period, trust can falter.

AI hallucinates, and not always in ways that are apparent or easy to catch. Developers report encountering plausible-looking code that simply doesn't work, confidently wrong explanations of what code does, references to APIs that don't exist or methods that were deprecated years ago, and subtle security vulnerabilities that slip past casual review because the surrounding code looks polished.

This creates a discernment burden. When every piece of AI-generated code requires verification, you can't just accept it and move on. Instead, you have to read it carefully, understand what it's doing, test it thoroughly, and check for edge cases. If that verification takes as long as it would have taken you to write the code yourself, what exactly have you gained?

If you're building financial systems, healthcare applications, or any software that handles user data, one undetected hallucination can have serious consequences. Pushing unvetted AI code into important systems is a bad idea, even if it seems to save time and effort in the short term. Developers know this, which is why fear of hallucinations keeps them from placing more trust in AI.

Another factor in the trust deficit is simple: People just aren’t used to AI coding tools yet. As we said above, AI tools are simply different, and they require a different skill set from conventional coding tools. You need to learn effective prompting: how to communicate intent clearly to a system that doesn't think like you do. You need to develop evaluation frameworks for assessing outputs. You need to figure out validation workflows that catch problems without creating bottlenecks.

There's a competence-confidence gap here too. Many developers recognize that they don't fully understand how to use AI tools. They're uncertain about their own skills: "Am I prompting this correctly? Would a better prompt have given me better code? Is this the tool's limitation or my limitation?" That uncertainty comes across as a lack of trust in the tool, but it's also an uncertainty about one's own ability to use the tool well. It's a learning curve masquerading as a trust issue.

Finally, there's the elephant in the room. Developers contemplating AI coding tools often wonder if they’re using (and, thereby, improving) tools that will ultimately replace them.

For many developers, this existential angst hovers over every interaction with AI coding tools, creating a psychological barrier. It's hard for developers to fully trust something they perceive as a potential threat not just to their livelihood but also to their identity. Media narratives around AI replacing jobs amplify these fears, even when the reality is more nuanced.

The result is a certain degree of cognitive dissonance. Devs use AI tools because they’re useful, because their employer encourages them, or because their colleagues are using them and they don't want to fall behind. But they can’t place their complete trust in something that seems to threaten them with obsolescence.

Developers are right to be skeptical about AI coding tools. High standards are a given in software development. Quality matters. Security matters. Maintainability matters. The "move fast and break things" ethos only takes you so far, especially when "things" include financial systems, medical devices, or critical infrastructure that people depend on.

Professional skepticism—the instinct to verify, to question, to hold outputs to rigorous standards—is part of good engineering culture. To some extent, the trust gap reflects developers applying that skepticism to a new category of technology. That’s a good instinct.

But, as Stack Overflow CEO Prashanth Chandrasekar pointed out in a recent conversation with OpenAI Head of Developer Experience Romain Huet, developers have always dealt with fallible tools: "If you fat-fingered something on a calculator and you got your exam question wrong, it's not on the calculator." Tools in every technology category require user competence and accountability to produce good results. They're aids to human judgment, not replacements for it.

Engineers still own the outcomes. You can't blame AI when code fails (“a poor workman blames his tools,” my dad used to say). But that cuts both ways: If you own the outcomes, you need to understand AI well enough to use it effectively, which means letting go of reflexive distrust.

However we feel about it, the developer skill set now includes understanding how and when to leverage AI effectively: how to structure prompts, how to evaluate outputs, how to integrate AI-generated code into existing systems. And it’s rapidly evolving to include architecting systems with AI agents: designing workflows that optimally combine human and machine capabilities.

Of course, the trust gap isn’t just an individual challenge; for the enterprise, it’s also an organizational one.

When your engineering team doesn't trust AI tools, narrowly scoped pilots might succeed, but the tool doesn’t scale. Teams revert to trusted manual processes when they’re under pressure. Security teams are reluctant to deploy tools they don’t really trust. Privacy officers fret over where data goes and what models learn. Governance frameworks built for traditional software often fail to map cleanly onto AI workflows. In highly-regulated industries like finance, healthcare, and legal services, the scrutiny and skepticism tend to be even more intense.

Then you get to questions of accuracy and context. What data is the AI actually using? Is it pulling from your proprietary codebase? Is it sharing your information with external systems? Can you prove to auditors that your AI outputs are reliable?

Some organizations are building trust by addressing these concerns head-on. Consider Uber's approach with Genie, an AI assistant that automatically answers questions in Slack channels and resolves support tickets. Genie is powered by curated institutional knowledge. It plugs into Stack Internal, Uber's private repository of human-verified technical content, and combines that rich organizational knowledge and context with OpenAI's models. The result is a system that provides both accuracy (from human curation) and scale (from AI capabilities). Attribution and traceability are built in: Uber’s teams can see where answers came from, which builds trust. This trust means more adoption and higher competency, creating a virtuous cycle of innovation for Uber’s technical teams.

Genie points to a winning formula: human curation + AI capabilities = trustworthy tools that scale. Investment in knowledge management infrastructure is the way to get there. Genie demonstrates that the trust problem is solvable when organizations take it seriously—and place human expertise at the heart of their solution.

So how do we go about closing this gap? We have ideas for individual developers, engineering leaders, and organizations, but they come down to the same principle: Trust is earned by demonstrating competence over time.

  • Master the fundamentals first. This is critical, because you can't evaluate code quality without understanding what good architecture looks like. You can't write effective tests without knowing what can break. You can't catch hallucinations without domain expertise. It’s important for experienced developers to keep these skills from atrophying, and junior developers to build them in the first place.
  • Reframe the relationship. If you’re one of those people who thinks of AI as a magic oracle, stop. Instead, think of an AI coding tool like a junior developer: promising, pretty fast, but prone to sometimes-basic errors and in need of supervision and redirection. Would you trust a junior engineer's code in a business-critical application without review? Of course not. You'd read it carefully, understand the approach, test it thoroughly, provide feedback, and watch the junior dev iterate. The same approach works with AI-generated code. This way of thinking about the human-AI relationship helps calibrate expectations appropriately.
  • Develop AI-specific skills. Learn to prompt effectively. If you want decent output, recognize that prompting is an actual skill you have to perfect. Build evaluation frameworks for common tasks so you can quickly assess whether outputs are on or off track. Write comprehensive tests—perhaps even more comprehensive than you would for human-written code, since you can be less certain about edge case handling. Create validation workflows that catch problems early.
  • Adopt progressive trust. As with any new tool or technology, you can’t go from zero to full production deployment overnight. Start with low-stakes use cases: boilerplate code, test generation, and documentation. Build confidence incrementally. As you develop better assessment skills, graduate to more complex tasks.
  • Create accountability structures. Make it clear that humans own AI-generated code, but at the same time, build accountability structures specific to AI code. Adapt code review processes for AI-assisted work: Reviewers should know what was AI-generated and apply appropriate scrutiny. Testing requirements shouldn’t change because AI was used; if anything, they should intensify.
  • Foster the right culture. Organizations can normalize AI usage while maintaining quality standards—those priorities aren't in conflict. Notice and celebrate effective collaboration between humans and AI tools, not AI usage alone. After all, the goal isn't maximizing the amount of AI-generated code; it's maximizing the value delivered.
  • Invest in knowledge management. Following Uber’s example with Stack Internal, build your own institutional knowledge repositories. Ensure AI tools can access company-specific context around internal APIs, architectural decisions, and coding standards. Human curation establishes a solid foundation that AI can build on.
  • Provide training and support. AI-literate engineers need to be trained in critical thinking focused on evaluating AI outputs. Help engineers develop AI management skills through training like workshops, mentorships, guest speakers, and lunch-and-learns.
  • Emphasize transparency and attribution at every opportunity. Always cite your sources. Where did this code or answer come from? What confidence level does the AI have? What human-verified knowledge informed this output? Transparency builds trust; a black box erodes it.
  • Beware shadow AI. Shadow AI, a riff on the term shadow IT, is when employees use AI tools or systems without the approval or involvement of IT and security teams. For instance, somebody looking for help debugging might feed proprietary source code into an AI system that saves all user input, exposing the company and its code to huge risk. One survey found that 38% of employees shared confidential company data with unapproved AI systems.
  • Build governance frameworks that make sense. Traditional security reviews don’t necessarily scale for AI coding tools, which often require enhanced security postures around data exfiltration and sandboxing. Your goal should be to develop approval processes that acknowledge AI's different risk profile and strike a balance between timeliness and risk mitigation.
  • Pilot thoughtfully and scale intentionally. It’s a good idea to measure trust alongside usage metrics. If usage is up but trust is down, you have a problem that won't solve itself. Build confidence through successful deployments of smaller-scale pilots, then move to more ambitious projects once your teams know they can trust the tool.

There’s a tendency to look at the AI trust gap as a crisis. In actuality, it’s a reasonable response to a major platform shift: a reflection of healthy skepticism from a profession that cares deeply about quality, precision, and reproducibility. As developers get better at working with AI tools, as they understand the abilities and limitations of AI, they’ll place more trust in the tools—because they’ll know what the tech can and can’t do. And they’ll trust themselves to use the tool properly.

As Chandrasekar emphasized in his talk with OpenAI Head of Developer Experience Romain Huet, this moment calls for a balance between blind faith in AI and total rejection of the whole concept. As an industry, we need developers who’ve mastered the fundamentals: how systems work, how to write good tests, and how to architect for scale and reliability. There’s a new fundamental they’ll need: how to use AI tools effectively: "If you don't do that, then you're gonna get left behind. So it's a combination of both because at some point you're gonna be in a situation where it's on you to build something very important for a company. You better know what's underneath the hood before you push it into production."

For the many developers who lack trust in AI coding tools, our advice is: Don’t wait for perfect trust before you start learning. (That would be an awfully long wait.) The path forward is building competence through practice, developing judgment through experience, and letting trust grow naturally as you discover what AI can and can't do dependably.

The trust gap reveals developers’ professional integrity. They’re holding AI to high standards of quality and accuracy rather than accepting whatever it produces. They're applying the same rigor they'd direct at any tool that could affect production systems. Ultimately, that insistence on quality and refusal to cut corners will make AI-assisted development better.