Smarter than the copilot: why you still need to know fundamentals of secure coding and data structures in a world of AI assistants

In the age of copilots and AI assistants one wonders if spending time on reading fundamental books such Data structures and Algorithms by Horowitz and Sahni or Security engineering by Ross Anderson makes sense today. 

Taking a snippet from Horowitz and Sahni which describes computer science as a study of data which holds true even today

While prepping for a talk to a bunch of bright-eyed AI/ML students about why data structures and algorithms still matter, my mind did what it does best — wandered off like a toddler in a candy store. Does any of this even make sense anymore?? I tossed, I turned, I over dramatically stared at the ceiling like a bad soap opera actor. But then, somewhere between dread and caffeine withdrawal, five points popped into my head — and honestly, they make a pretty solid case that investing in the basics builds the kind of critical thinking muscles we desperately need today.

AI can generate code but cannot understand context: AI can give you suggestions to code but can it understand your business case for building something, different ways an attacker can attack your system, your unique performance constraints? How do you know all this, thinking about the threat model, the user requirements on performance criteria needed for your application and your unique algorithmic complexity to achieve these requirements

GIGO (Garbage In Garbage out) : AI is trained on public code, in order for it to work properly Input validation, knowing your domain model, knowing algorithmic bounds to avoid race conditions, buffer overflows and understanding the output is important. Therefore knowing your inputs to produce output is extremely important in building safe and reliant systems

Building resilient systems: A lot of cyber attacks occur because of building unreliable systems. These are often caused by stack overflow or buffer overflow or memory leaks or misconfigured permissions. Last year's crowdstrike incident based on literature available now, was because of excessive permission to kernel function and not having enough test cases and validating assumptions led to this failure. To build resilient systems, you need to design systems right from the high level design, know the type of data structures to use whether it is a graph, linked list, array or BST,  critically examine the code and also build enough test cases to think of edge cases.  Plus another thing is keep improving the products when your assumptions are broken. Ross Anderson's book gives you a very interesting take on Reliability and security engineering which is a must read.

Debugging and optimisation: AI generated code is amazing when everything works. How about when things go wrong and you need a quick fix?? AI-generated code is pure magic... when it actually works. It's like having a personal wizard — until the spell backfires and suddenly your app is eating memory like it’s at an all-you-can-eat buffet. When things go wrong (and oh, they will), you need more than just "vibe" coding to fix it. Plus you are on a conference call with 95 people to fix a P1 incident watching your every move....IT IS THEN you understand why you need to actually understand the program — like, what’s under the hood, which data structures are secretly hoarding memory, and why your app is behaving like it's possessed. Spoiler: knowing your fundamentals turns you from "panicked I am having trouble screen sharing" to "debugging sorcerer."

Career growth: Understanding algorithms, distributed systems, or cryptography are all important. All of these concepts solely rely on understanding your fundamentals. If you want to grow beyond code generation and into architectural or security design roles, or leadership roles foundational knowledge is non-negotiable.