Further Reading: Chapter 17 — GitHub Copilot and AI Code Assistants
Official Documentation and Research
GitHub Copilot Documentation https://docs.github.com/en/copilot The official documentation covers all Copilot features, IDE integrations, configuration options, and best practices. It is the most current source for feature details, keyboard shortcuts, and plan comparisons, and is updated frequently.
GitHub Copilot Research: Quantifying GitHub Copilot's impact on developer productivity and happiness https://github.blog/2022-09-07-research-quantifying-github-copilots-impact-on-developer-productivity-and-happiness/ The foundational GitHub-commissioned research study showing 55% faster task completion with Copilot. Read with attention to methodology — it is a controlled study, not observational data, and the tasks selected affect the results. A useful baseline for understanding where productivity gains are real.
GitHub Security Lab Research https://securitylab.github.com/ GitHub's security research team publishes findings on AI-generated code vulnerabilities. Their work on common insecure code patterns in AI suggestions is directly relevant to the trust calibration discussion in this chapter.
Academic and Independent Research
"Do Users Write More Insecure Code with AI Assistants?" Sandoval et al., 2022 (available via ACM Digital Library) An empirical study examining whether developers write less secure code when using AI code assistants. The finding that insecure suggestions are more likely to be accepted than rejected is central to understanding the security risk profile of these tools.
"Asleep at the Keyboard? Assessing the Security of GitHub Copilot's Code Contributions" Pearce et al., 2022 (IEEE Symposium on Security and Privacy) A rigorous analysis of Copilot-generated code across common vulnerability categories. The authors found that Copilot generates vulnerable code in a meaningful percentage of security-sensitive scenarios. Essential reading for anyone responsible for secure development practices.
Tools and Platforms
Cursor https://cursor.sh The official site for the Cursor AI-first IDE. The documentation covers Composer, codebase indexing, and model selection in detail. If you are evaluating whether to move beyond plugin-based AI assistance, start with the Cursor documentation and feature tour.
Amazon Q Developer (formerly CodeWhisperer) https://aws.amazon.com/q/developer/ Documentation for Amazon's developer AI tool, including the security scanning feature and AWS integration capabilities. Particularly relevant for AWS-focused development teams.
Tabnine https://www.tabnine.com/ Documentation covering Tabnine's self-hosted and enterprise deployment options for teams with strict code privacy requirements.
Security and Code Quality
OWASP Top Ten https://owasp.org/www-project-top-ten/ The Open Web Application Security Project's list of the most critical web application security risks. SQL injection (now part of the broader "Injection" category) appears in every version of this list. Understanding the full list helps you recognize which AI code patterns correspond to which vulnerability categories.
Python Security Best Practices (Bandit) https://bandit.readthedocs.io/ Bandit is a security linter for Python that catches many of the exact patterns that Copilot sometimes generates insecurely. Running Bandit as part of your CI pipeline catches AI-generated vulnerabilities that pass code review. The Bandit documentation describes what it looks for.
CWE/SANS Top 25 Most Dangerous Software Weaknesses https://cwe.mitre.org/top25/ A comprehensive catalog of software weakness types, including detailed explanations of injection, improper authentication, and cryptographic failures. Use this as a reference for what "security review" means in practice.
Community and Ongoing Learning
GitHub Copilot Changelog https://github.blog/changelog/label/copilot/ GitHub's changelog filtered to Copilot updates. Since AI coding tools evolve rapidly, following the changelog keeps you current on new features and capabilities as they ship.
r/GithubCopilot https://www.reddit.com/r/GithubCopilot/ Community discussion of Copilot use in practice. Particularly useful for discovering unusual use cases, reported failure modes, and workflow innovations that do not appear in official documentation.
Simon Willison's Blog https://simonwillison.net/ Simon Willison (co-creator of Django, founder of Datasette) writes extensively about AI coding tools in practical use. His writing is technically rigorous and appropriately skeptical: he notes both genuine capabilities and real limitations with equal precision. Useful for a practitioner perspective from an experienced developer.
Note on Currency
The AI coding tools landscape changes rapidly. New models, new features, and new tools emerge frequently. The resources listed here were current and valuable as of early 2026, but feature sets and pricing may have changed. For any tool you are actively evaluating, always consult the official documentation rather than relying on third-party comparisons that may be outdated.