AI-Assisted Code: Benefits and Risks
What AI assistants do well, and where it stops
Ask an assistant for "an Ansible task that sets the MTU on a list of interfaces" and a runnable draft comes back in seconds, already shaped like the cisco.ios collection[1] you would have reached for. That speed is real, and it is the reason to use one. It is also the entire benefit, and knowing exactly where the benefit ends is what keeps AI-assisted automation safe.
One idea governs this whole page: an AI coding assistant is a drafting aid, not an authoritative source. It produces a first draft; a human, a test, and a review turn that draft into a change you can trust on a live network. Everything below is a consequence of that one line.
Where the speed comes from
The assistant earns its keep on work that is repetitive and well represented in public code:
- Boilerplate velocity. Drafting the shapes you write constantly, an Ansible task, a Python REST client against a controller, a Jinja2 template, so a common pattern that used to take real time to hand-write comes back as a draft almost immediately.
- API and SDK discovery. Explaining an unfamiliar SDK or API surface, for example the Catalyst Center Intent API[2] payload shape or a RESTCONF[3] request body, and explaining existing code you have inherited. This lowers the learning curve on a platform you have not used before.
- Pattern consistency. Prompted with your team's standards, it can scaffold the same error handling, retry logic, and logging across a codebase, which makes the result more maintainable than a dozen engineers each inventing their own.
Where it stops
None of that makes the output correct, private, or safe to commit, and the rest of this page is the three ways it can be none of those:
- Data egress is what your prompt sends out of the organization.
- Intellectual property is what licensed code comes in with a suggestion, and what proprietary code leaks out.
- Correctness is whether the generated code is even right.
Read the assistant as the fastest junior contributor you have ever had, and also the one whose work you would never merge unread. The velocity is worth having; the review is never optional, and the rest of this page is the review.
Data egress: what leaves your organization
Pasting a running configuration into a cloud chatbot is a data transfer to a third party, full stop. The moment the prompt leaves your network it is in the provider's hands, and unless a contract says otherwise it may be logged, retained, and used to train future models (OWASP LLM02: Sensitive Information Disclosure[4]). The common misread is that the HTTPS lock icon makes the exchange private: TLS[5] encrypts the prompt in transit so nobody on the wire can read it, but it does nothing about what the server does with the prompt after it arrives. Encryption in transit is not confidentiality after arrival. The diagram traces exactly what crosses the boundary.
Secrets are the sharpest case
Whatever is in the code you paste goes with it. An API key, a device password, or an SNMP community string embedded in a script is disclosed to the provider the instant you send it, and you cannot un-send it. Scrub or externalize secrets before any code reaches an assistant: keep them out of the source entirely, in a vault or an environment variable, so there is nothing sensitive to leak in the first place. Ansible's own answer is Ansible Vault[6], which encrypts variables at rest so a playbook references a secret without embedding its value; a repository secret-detection scan[7] is the backstop that catches the key you missed before it reaches a prompt or a commit.
Residency and jurisdiction
Even scrubbed of secrets, a prompt can still break a rule. Sending it to a cloud LLM can move regulated data, customer records, anything bound by a data-residency requirement, out of the jurisdiction where it is permitted to live. If the provider processes prompts in another region, the transfer itself can be the violation, independent of whether anyone ever misuses the data.
The mitigation and its price
Where the model runs decides all of this, which is the axis the comparison table at the top of the page lays out. A self-hosted or on-premises model keeps every prompt and every line of code inside the organization, so egress, secret exposure, and residency stop being risks at all. The price is capability and upkeep: an in-house model is usually less capable than the frontier cloud service, and you own running, updating, and securing it. An enterprise no-train tier is the middle path, the cloud model's capability under a contractual promise of zero retention and no training, and it is only ever as strong as that contract. Match the tier to the sensitivity of what the prompt carries.
Intellectual property: what comes in and leaks out
Treat an AI suggestion as third-party code, not first-party code, and most of the intellectual-property risk takes care of itself. The risk runs in two directions, and the diagram shows both: licensed code can flow in with a suggestion, and your proprietary code can leak out through the model.
Inbound: licensed code you did not write
A model trained on public repositories can reproduce code that closely resembles its training data, including code under a copyleft license such as the GPL (GNU General Public License). Merge that into a proprietary product unnoticed and you have imported a licensing obligation you never agreed to, the same class of supply-chain exposure OWASP calls out for AI systems (OWASP LLM03: Supply Chain[8]). The mitigation is exactly what you already do for any dependency: license-scan and review AI-suggested code before it merges, rather than trusting it as first-party work. A merge-request approval[9] gate is the natural place to require it.
The ownership question is unsettled
There is a second, quieter inbound problem: the copyright status of purely AI-generated code is legally unsettled, and jurisdictions differ on whether output with no human author can be owned at all. You cannot resolve that debate on a code review, but you must have a policy on it, whether AI-generated code may be committed and how it is marked, so the question is answered once by the organization rather than case by case by whoever accepted a suggestion.
Outbound: your code leaving through the prompt
The same channel runs the other way. Feeding proprietary code into an external model to train or fine-tune it can leak that intellectual property into other tenants' outputs later, because the model has learned from it. This is the inverse of the inbound case, and it is why a no-train contract, introduced in the data-egress section above, matters for intellectual property and not only for privacy: it is the promise that your submissions are not folded back into the shared model. Where there is no such promise, proprietary code simply does not go to an external training endpoint.
Correctness: is the generated code even right?
Code that imports and runs is not code that is correct. An assistant's output can execute cleanly and still call the wrong device semantics, invent an attribute that does not exist, or quietly disable a protection, so "it ran in a test import" is never evidence that a change is safe. There are three failure modes to catch, and one rule catches all of them: validate every suggestion against current, authoritative documentation.
Hallucinated APIs, modules, and paths
An LLM generates the statistically likely next token, not a verified fact, so it confidently produces plausible-looking things that do not exist: an SDK method with a sensible name that was never implemented, an Ansible module that is not in the collection, a RESTCONF[3] path or YANG[10] leaf that no device actually models. Trusting that output without checking is exactly why overreliance is itself a named risk (OWASP LLM09: Misinformation[11]). The check is to confirm every call against the real module[1] or platform API[2] reference, and for model-driven interfaces against the device's advertised YANG model, rather than against the model's confidence.
Insecure defaults
Assistants frequently reach for whatever makes the example "just work," which is often the insecure choice: disabling TLS certificate verification so a request stops complaining, hardcoding a credential inline, or granting a role far broader permissions than the task needs. Disabled certificate verification is the classic one. Setting verify=False in the Python requests[5] library turns off the check that the device on the other end is who it claims to be, which re-opens the man-in-the-middle exposure that TLS exists to close. Because the model's output should be treated as untrusted input, these defaults have to be caught in review, never assumed away (OWASP LLM05: Improper Output Handling[12]).
Stale knowledge from the training cutoff
A model knows nothing after its training cutoff, so it will happily suggest a module or API that has since been deprecated or removed: an Ansible module dropped from a newer collection, an endpoint retired in a platform release. The suggestion looks current and is not. Verify the currency of anything version-sensitive against today's documentation, not against the model's frozen snapshot of it.
The human stays accountable
Across all three failure modes, human validation before deployment is mandatory, and the accountability does not transfer to the model. Run the generated automation against a lab or a sandbox with a test harness such as pyATS[13] before it touches a production device, and record that a named engineer reviewed and approved it. The model drafted the change; the engineer owns it.
The review gate: shipping AI code safely
Nothing an assistant drafts reaches a device until it clears a review gate, and the gate is the same one you would run on any contributor's pull request with a few AI-specific checks added. The diagram shows the whole path: an AI draft enters an automated gate, passes through human approval, and only then merges and deploys; anything that fails goes back to the draft.
The automated checks
Each risk family from the sections above becomes one concrete, mostly automatable check, run before a human ever looks:
- Secret scan. Catch a key, password, or community string before it is committed or, worse, sent to the assistant in the first place. A pipeline secret-detection[7] job fails the build when it finds one. (Data egress.)
- License scan. Flag suggested code that carries a license you cannot accept, treating the AI output as the third-party dependency it is. (Intellectual property.)
- Insecure-default lint. Reject disabled TLS verification, hardcoded credentials, and over-broad permissions automatically, so a
verify=Falsenever merges by accident. (Correctness.) - API and module currency check. Fail on calls to modules or endpoints that are deprecated or absent from the current collection and platform, which also catches most hallucinated APIs. (Correctness.)
- Lab test. Run the automation against a sandbox with a harness such as pyATS[14] and assert the resulting state, so behavior is proven before production. (Correctness.)
The human gate
Automation narrows the risk; it does not close it, because the checks above are necessary, not sufficient. A snippet can be correctly licensed, secret-free, and syntactically current and still implement the wrong intent. A required merge-request approval[9] by a named engineer is the step that judges intent and carries accountability. That approval is the point where a human, not the model, takes ownership of the change, which is the non-negotiable rule from the top of the page made concrete. Deploy only what has passed both gates.
Reading the stem: exam patterns and traps
The 350-901 does not ask you to recite these risks; it drops you into a short scenario and asks for the primary risk or the correct next action. Every such item rewards the same instinct from the top of the page: AI output is an unreviewed draft, so the right answer treats it as untrusted until validated, and the wrong answers treat it as authoritative, private, or correct because it looks that way.
Map the stem to the risk
| What the stem describes | Risk it is testing | The right answer |
|---|---|---|
| Engineer pastes a running config or code into a public AI chatbot | Data egress | Data goes to a third party that may retain or train on it; scrub, then use an approved tier |
| "But the session used HTTPS / TLS" offered as reassurance | Data egress (trap) | TLS protects transit, not retention; encryption is not privacy |
| AI code imported and ran in a quick test, so ship it? | Correctness (trap) | Runs is not correct; validate against current docs and lab-test with human review |
Generated function sets verify=False to make it work | Insecure default | Reject the insecure default; keep certificate verification on |
| Suggestion uses an Ansible module that no longer exists | Stale knowledge | Verify currency against today's docs; the training cutoff predates the change |
| Commit AI-suggested code straight into a proprietary repo | Intellectual property | License-scan and review first; treat it as a third-party dependency |
Two worked stems
An engineer pastes a production running-configuration into a public generative-AI chatbot to troubleshoot a routing issue. What is the primary security risk?
The load-bearing words are production configuration into a public chatbot. The primary risk is the data egress: sensitive configuration, and any secret inside it, is disclosed to a third party that may log or train on it. The trap distractor says the exchange is safe because it used HTTPS, which confuses transit encryption with confidentiality. "The AI might give wrong advice" is a real concern but not the primary risk this stem is built around, which is the disclosure.
An AI assistant generates a Python script that configures interfaces; it imports without error in a quick test. What should happen before it runs against production switches?
The words imports without error are the bait. A clean import proves nothing about correctness: the script may call a hallucinated attribute, carry an insecure default, or use a deprecated call. The correct action is to validate it against current documentation and a lab test, with a human review and sign-off, before any device sees it. "It imported, so deploy it" is exactly the overreliance the question is testing against.
The pattern behind every distractor
The wrong answer almost always treats the assistant as an authority: private because encrypted, correct because it ran, safe to commit because it looks like ordinary code. Re-read the stem for which of the three families it names, data egress, intellectual property, or correctness, and pick the option that validates before it trusts.
Where the model runs: what leaves your organization
| Concern | Public cloud LLM | Enterprise no-train tier | Self-hosted / on-prem |
|---|---|---|---|
| Prompt data leaves your org | Yes; may be logged or trained on | Yes, under a no-train / zero-retention contract | No; stays inside the org |
| Secret exposure if unscrubbed | High | High | Contained to the org |
| Data-residency control | Little; provider sets the region | Only what the contract guarantees | Full; you choose where it runs |
| Model capability | Highest | Highest | Lower, model-dependent |
| Maintenance you own | None | None | High; you run and update it |
Decision tree
Sharp facts the exam loves — give these one last read before exam day.
Cheat sheet
Sharp facts the exam loves — scan these before test day.
- AI assistants accelerate authoring of automation boilerplate
AI coding assistants speed up drafting of repetitive automation code such as Ansible tasks, Python REST clients, and Jinja2 templates, reducing time-to-first-draft for common patterns.
6 questions test this
- During a design review, stakeholders debate how much trust to place in an LLM-based coding assistant embedded in the network automation pipeline. One argues its speed justifies treating its output as
- A team maintains a growing set of Python REST clients that each share the same authentication, retry, and pagination boilerplate. Leadership asks where an AI coding assistant delivers the clearest, we
- A test engineer must create pyATS testbed YAML files describing 60 lab devices that share the same connection block structure, credentials reference, and OS type, differing only by hostname and manage
- A network automation team must ship unit tests for 30 recently written Python parser functions that each convert 'show' command output into structured dictionaries. Every test follows the same pattern
- A network automation team is standardizing a GitLab CE CI/CD pipeline across roughly 20 repositories, each needing nearly identical build, prevalidation, deploy, and post-validation stages that follow
- A network automation team must produce dozens of nearly identical Ansible tasks and Jinja2 interface templates for a greenfield campus rollout, all following an existing internal pattern. A senior eng
- AI assistants aid API/SDK discovery and code explanation
A benefit is helping engineers discover unfamiliar SDK/API usage (for example Catalyst Center or RESTCONF payload shapes) and explain existing unfamiliar code, lowering the learning curve.
- The assistant is a productivity aid, not an authority
The benefit is bounded: an AI assistant is a drafting aid, not an authoritative source, so its output still requires review and testing before it can be trusted for network changes.
6 questions test this
- During a design review, stakeholders debate how much trust to place in an LLM-based coding assistant embedded in the network automation pipeline. One argues its speed justifies treating its output as
- A team maintains a growing set of Python REST clients that each share the same authentication, retry, and pagination boilerplate. Leadership asks where an AI coding assistant delivers the clearest, we
- A test engineer must create pyATS testbed YAML files describing 60 lab devices that share the same connection block structure, credentials reference, and OS type, differing only by hostname and manage
- A network automation team must ship unit tests for 30 recently written Python parser functions that each convert 'show' command output into structured dictionaries. Every test follows the same pattern
- A network automation team is standardizing a GitLab CE CI/CD pipeline across roughly 20 repositories, each needing nearly identical build, prevalidation, deploy, and post-validation stages that follow
- A network automation team must produce dozens of nearly identical Ansible tasks and Jinja2 interface templates for a greenfield campus rollout, all following an existing internal pattern. A senior eng
- AI assistants can scaffold consistent coding patterns
When prompted with team standards, an assistant can scaffold consistent error handling, retries, and logging across a codebase, improving maintainability.
- Pasting configs/code into a cloud LLM sends data to a third party
Pasting configurations, topology, or proprietary code into a cloud LLM transmits that data to a third party that may log or train on it unless a zero-retention or enterprise no-train agreement forbids it.
Trap Assuming TLS to the API endpoint makes the prompt private; encryption in transit does not prevent server-side retention or training.
10 questions test this
- A defense-sector operator prohibits any network data from leaving its administrative boundary but still wants AI-assisted automation coding. An architect proposes deploying a self-hosted open-weight m
- An engineer pastes a Python requests script that calls a Cisco IOS-XE RESTCONF endpoint into a cloud LLM to add error handling. The script hardcodes an Authorization header built from a Base64 basic-a
- A network engineer troubleshooting an OSPF adjacency pastes a full running-config, including neighbor IPs and area design, into a public consumer-tier chatbot to get remediation advice. The security t
- A team integrates a cloud AI code-review bot into GitLab CE so every merge request diff is submitted to the vendor for automated review. A new MR adds a variables file that defines a TACACS+ key and a
- Business requirements mandate continued use of an approved cloud AI coding assistant, but policy also requires minimizing exposure of sensitive network data in prompts. An engineer must review automat
- A developer pastes a docker-compose.yml service stanza into a cloud AI assistant to troubleshoot a container that fails to start. The stanza sets environment variables including POSTGRES_PASSWORD and
- An automation team exports an SD-WAN overlay topology containing site IP addressing, device hostnames, and transport locators, then pastes it into a public consumer-tier AI chat service to auto-genera
- A team wants to use a cloud AI coding assistant for network automation but must ensure pasted device configurations are not retained or used to train the vendor's models. Which control most directly s
- Before sending an Ansible playbook to a cloud LLM for review, an engineer notices vault-style variables containing API tokens and enable passwords rendered inline. Following secure-coding guidance for
- An organization forbids sending any configuration data to external AI services but still wants AI-assisted code generation for automation. An architect proposes running an open-weight LLM on internal
- Secrets embedded in prompted code are exposed
Secrets inside code that is pasted into a prompt (API keys, device passwords, SNMP community strings) are disclosed to the provider; scrub or externalize secrets before sending code to an assistant.
5 questions test this
- An engineer pastes a Python requests script that calls a Cisco IOS-XE RESTCONF endpoint into a cloud LLM to add error handling. The script hardcodes an Authorization header built from a Base64 basic-a
- A team integrates a cloud AI code-review bot into GitLab CE so every merge request diff is submitted to the vendor for automated review. A new MR adds a variables file that defines a TACACS+ key and a
- Business requirements mandate continued use of an approved cloud AI coding assistant, but policy also requires minimizing exposure of sensitive network data in prompts. An engineer must review automat
- A developer pastes a docker-compose.yml service stanza into a cloud AI assistant to troubleshoot a container that fails to start. The stanza sets environment variables including POSTGRES_PASSWORD and
- Before sending an Ansible playbook to a cloud LLM for review, an engineer notices vault-style variables containing API tokens and enable passwords rendered inline. Following secure-coding guidance for
- Self-hosted models mitigate data egress at a capability cost
Running a self-hosted or on-prem model keeps prompts and code inside the organization, mitigating egress risk, at the cost of model capability and maintenance overhead.
2 questions test this
- A defense-sector operator prohibits any network data from leaving its administrative boundary but still wants AI-assisted automation coding. An architect proposes deploying a self-hosted open-weight m
- An organization forbids sending any configuration data to external AI services but still wants AI-assisted code generation for automation. An architect proposes running an open-weight LLM on internal
- Cloud LLM use can violate data-residency requirements
Sending prompts to a cloud LLM can breach data-residency or compliance boundaries when regulated data leaves its permitted jurisdiction.
- AI output may reproduce licensed training snippets
AI-generated code can reproduce snippets resembling its training data, risking license contamination (for example copyleft/GPL code) inside a proprietary codebase.
7 questions test this
- During merge-request review, an engineer accepts several AI-generated functions that push interface configuration to Cisco devices. Which reviewer action most directly satisfies the objective on mitig
- A platform team wants to reduce the intellectual-property exposure created when engineers accept AI-generated suggestions into shared automation repositories. Which control most directly mitigates the
- A team enables a coding assistant's duplication-detection (code referencing) feature that flags when a completion matches source found in public repositories. Which intellectual-property risk does ena
- A platform team wants to automatically detect when AI-suggested code merged into their Python automation repositories carries incompatible open-source license obligations, treating those suggestions l
- An AI coding assistant is used to generate a Python module that parses OSPF neighbor state for an enterprise's closed-source, proprietary automation product. Legal counsel raises an intellectual-prope
- A software vendor's delivery contract includes a warranty that all automation code shipped to the customer is the vendor's original work, owned by the vendor, and free of third-party IP claims. Portio
- An AI coding assistant emits a parser function that a reviewer recognizes as reproduced nearly verbatim from an Apache-2.0-licensed open-source project. A developer argues that because Apache-2.0 is p
- Copyright status of AI-generated code is unsettled
Ownership and copyright of purely AI-generated code is legally unsettled, so organizations must set policy on whether such output may be committed and how it is attributed.
4 questions test this
- An organization is drafting a policy governing whether AI-generated code may be committed into its network-automation repositories and how it should be attributed. Counsel notes that one unresolved le
- A team wants to contribute AI-generated Ansible modules upstream to an open-source project that requires a Developer Certificate of Origin (DCO) Signed-off-by attestation that the contributor created
- An acquirer's technical due-diligence team reviews a target company's flagship network-automation platform and finds that a large share of its Python and Terraform modules were produced almost entirel
- A software vendor's delivery contract includes a warranty that all automation code shipped to the customer is the vendor's original work, owned by the vendor, and free of third-party IP claims. Portio
- Mitigate IP risk with license review of AI suggestions
The mitigation is to license-scan and review AI-suggested code before merge, treating it like any third-party dependency rather than trusted first-party code.
7 questions test this
- During merge-request review, an engineer accepts several AI-generated functions that push interface configuration to Cisco devices. Which reviewer action most directly satisfies the objective on mitig
- A platform team wants to reduce the intellectual-property exposure created when engineers accept AI-generated suggestions into shared automation repositories. Which control most directly mitigates the
- A team wants to contribute AI-generated Ansible modules upstream to an open-source project that requires a Developer Certificate of Origin (DCO) Signed-off-by attestation that the contributor created
- A team enables a coding assistant's duplication-detection (code referencing) feature that flags when a completion matches source found in public repositories. Which intellectual-property risk does ena
- A platform team wants to automatically detect when AI-suggested code merged into their Python automation repositories carries incompatible open-source license obligations, treating those suggestions l
- An AI coding assistant is used to generate a Python module that parses OSPF neighbor state for an enterprise's closed-source, proprietary automation product. Legal counsel raises an intellectual-prope
- An AI coding assistant emits a parser function that a reviewer recognizes as reproduced nearly verbatim from an Apache-2.0-licensed open-source project. A developer argues that because Apache-2.0 is p
- Submitting proprietary code to train a model leaks IP
Feeding proprietary code into an external model for training or fine-tuning can leak that intellectual property into other tenants' outputs.
- LLMs hallucinate non-existent APIs, modules, and YANG paths
LLMs invent plausible-looking but non-existent SDK methods, module names, or CLI/YANG paths, so generated code must be validated against real API and module documentation.
Trap Assuming code that imports and runs is correct; it may still call the wrong device semantics or a fabricated attribute.
9 questions test this
- An engineer asks an AI assistant to generate a RESTCONF PUT that configures a GigabitEthernet interface on Cisco IOS-XE. The tool emits a body targeting Cisco-IOS-XE-native:native/interface/GigabitEth
- An AI assistant generates an Ansible task that sets interface descriptions on Cisco IOS-XE using cisco.ios.ios_interface with state present. On execution, Ansible emits a deprecation warning and the t
- An engineer prompts an AI coding assistant to generate Terraform that manages an OSPF process on a Cisco IOS-XE device using the CiscoDevNet/iosxe provider. The assistant emits a block declaring resou
- An engineer asks an AI coding assistant to write Python that edits an OSPF process on a Cisco IOS-XE device over NETCONF using ncclient. The output calls a method named manager.edit_ospf_config() and
- Reviewing AI-generated Python that uses the Catalyst Center SDK (dnacentersdk), an engineer sees a call to api.devices.fetch_all_interfaces(), which raises AttributeError at runtime. Which conclusion
- An AI assistant generates Python to pull device templates from Cisco SD-WAN Manager (vManage). The code targets a REST API resource path the assistant presents as current, but at runtime the controlle
- An AI assistant generates a Python automation script whose first line is import ciscoiosxe_netauto and whose README instructs the engineer to run pip install ciscoiosxe-netauto to obtain a Cisco IOS-X
- A team proposes a workflow where an LLM-based agent generates configuration-push scripts that a GitLab CE pipeline deploys automatically to production Cisco devices with no human in the loop, arguing
- An AI assistant generates an Ansible task that manages access VLANs on Cisco IOS-XE switches using the module cisco.ios.ios_vlan with state present. When the engineer runs the playbook against the cur
- Human validation of AI code is mandatory before deployment
Human review of AI-generated automation is mandatory before it touches devices, and the engineer, not the model, remains accountable for the resulting change.
7 questions test this
- An engineer reviews AI-generated Python that automates read-only inventory collection from Cisco Catalyst Center. To authenticate, the script programmatically provisions a new API account and assigns
- During review of AI-generated Python that connects to Cisco IOS-XE over SSH, an engineer finds the client calls ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy()). Which concern must be flagged
- An engineer prompts an AI coding assistant to generate Terraform that manages an OSPF process on a Cisco IOS-XE device using the CiscoDevNet/iosxe provider. The assistant emits a block declaring resou
- An AI-generated change pushed to Cisco IOS-XE devices caused an outage, and a postmortem debates whether the model provider or the engineer bears responsibility. Which statement best reflects proper g
- Reviewing AI-generated Python that uses the Catalyst Center SDK (dnacentersdk), an engineer sees a call to api.devices.fetch_all_interfaces(), which raises AttributeError at runtime. Which conclusion
- During code review, an engineer inspects AI-generated Python that consumes the Cisco Catalyst Center REST API. The snippet calls requests.post(url, verify=False) and embeds a hardcoded API token in th
- A team proposes a workflow where an LLM-based agent generates configuration-push scripts that a GitLab CE pipeline deploys automatically to production Cisco devices with no human in the loop, arguing
- AI assistants often emit insecure defaults
AI assistants frequently produce insecure defaults such as disabled TLS verification, hardcoded credentials, or overly broad permissions, which must be caught during code validation.
4 questions test this
- An engineer reviews AI-generated Python that automates read-only inventory collection from Cisco Catalyst Center. To authenticate, the script programmatically provisions a new API account and assigns
- During review of AI-generated Python that connects to Cisco IOS-XE over SSH, an engineer finds the client calls ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy()). Which concern must be flagged
- An AI assistant generates a Python automation script whose first line is import ciscoiosxe_netauto and whose README instructs the engineer to run pip install ciscoiosxe-netauto to obtain a Cisco IOS-X
- During code review, an engineer inspects AI-generated Python that consumes the Cisco Catalyst Center REST API. The snippet calls requests.post(url, verify=False) and embeds a hardcoded API token in th
- Training cutoffs cause deprecated API suggestions
A model's training cutoff means it may suggest deprecated or removed modules and APIs (for example a removed Ansible module), so the currency of suggestions must be verified.
3 questions test this
- An AI assistant generates an Ansible task that sets interface descriptions on Cisco IOS-XE using cisco.ios.ios_interface with state present. On execution, Ansible emits a deprecation warning and the t
- An AI assistant generates Python to pull device templates from Cisco SD-WAN Manager (vManage). The code targets a REST API resource path the assistant presents as current, but at runtime the controlle
- An AI assistant generates an Ansible task that manages access VLANs on Cisco IOS-XE switches using the module cisco.ios.ios_vlan with state present. When the engineer runs the playbook against the cur
References
- https://docs.ansible.com/ansible/latest/collections/cisco/ios/ios_config_module.html
- https://developer.cisco.com/docs/dna-center/
- https://www.rfc-editor.org/rfc/rfc8040
- https://genai.owasp.org/llmrisk/llm022025-sensitive-information-disclosure/
- https://requests.readthedocs.io/en/latest/user/advanced/
- https://docs.ansible.com/ansible/latest/vault_guide/vault.html
- https://docs.gitlab.com/user/application_security/secret_detection/
- https://genai.owasp.org/llmrisk/llm032025-supply-chain/
- https://docs.gitlab.com/user/project/merge_requests/approvals/
- https://datatracker.ietf.org/doc/html/rfc7950
- https://genai.owasp.org/llmrisk/llm092025-misinformation/
- https://genai.owasp.org/llmrisk/llm052025-improper-output-handling/
- https://developer.cisco.com/docs/pyats/pyats-on-devnet/
- https://developer.cisco.com/docs/pyats/