Why demanding justification from your AI assistant is the key to building secure, reliable, and trustworthy software.
Code reviews are a cornerstone of quality software development. They catch bugs, enforce standards, and spread knowledge across a team. With the rise of Large Language Models (LLMs) like GitHub Copilot and ChatGPT, developers have powerful new assistants that can suggest code, identify issues, and even refactor entire files. But with great power comes great responsibility—and a critical need for trust.
How can you be sure an AI’s suggestion is secure, efficient, and correct? How do you move from blindly accepting suggestions to thoughtfully collaborating with an AI? The answer lies in explainable AI (XAI), a set of methods and principles that make the decision-making process of an AI model understandable to humans.
This guide explores how to integrate explainability into your AI-assisted code review process. You’ll learn practical tactics to demand better justifications from your AI, vet its suggestions, and ultimately build more trustworthy and reliable software.
Explainable AI (XAI) is a field of artificial intelligence focused on making AI-generated results understandable to humans. Instead of a “black box” where data goes in and a decision comes out, an explainable system shows its work, revealing the “why” behind its conclusions.
In the context of code reviews, an explainable LLM doesn’t just suggest a change; it explains why that change is necessary. It might reference security vulnerabilities, point to performance bottlenecks, or cite team-specific coding conventions. This transparency is the foundation of building trust in AI-powered tools. Without it, developers are left guessing whether an AI’s suggestion is a brilliant shortcut or a hidden liability.
True explainability in LLMs is an emerging field, but we can apply its principles today through a combination of smart prompting, process changes, and verification techniques. You don’t need to be an AI researcher to make your AI assistant more transparent.
It boils down to a simple, powerful idea: demand justification.
When an LLM suggests a code change, ask it to defend its position. This can be done through carefully crafted prompts or by establishing team-wide standards for AI-assisted contributions.
Here are a few tactics for getting explanations from an AI:
- Reference documentation: Ask the AI to cite official documentation or well-regarded sources to support its suggestion. For example: “Refactor this function and include a link to the official documentation that explains the primary methods used.”
- Trace code origins: Request that the AI identify the potential origin or programming patterns it used. This helps ensure the code isn’t inadvertently copied from a source with an incompatible license.
- Justify the “why”: Require a plain-English explanation for every suggested change. Why is this new version better? Is it faster? More secure? Easier to read?
- Link to standards: For teams with established coding style guides, you can ask the AI to reference the specific rule its suggestion helps enforce.
By integrating these requests into your workflow, you shift the AI from a magical code generator to a collaborative partner that must justify its contributions just like any other team member.
Integrating explainability into your code review process isn’t just about building trust; it has tangible benefits for your team and your product.
- Improved code quality: When developers understand the reasoning behind a suggestion, they can make more informed decisions. This leads to code that is not just functional but also robust, secure, and maintainable.
- Enhanced security: An AI might suggest a code snippet that inadvertently introduces a security flaw. Requiring explanations—especially around data handling, authentication, and external library usage—forces a critical check on potential vulnerabilities.
- Faster developer onboarding: Junior developers can learn best practices much faster when an AI doesn’t just fix their code but also explains the underlying principles. It’s like having a senior developer available for a peer review 24/7.
- Consistent standards: You can use an LLM to enforce team-wide coding conventions, but only through explainability can you ensure it does so accurately and educates developers on those standards in the process.
Ultimately, making explainability a core part of your AI-assisted workflow transforms LLMs from a productivity hack into a strategic asset for improving engineering excellence.
Building trust in an AI assistant requires a healthy dose of skepticism. While these tools are incredibly powerful, they are not infallible. Every developer should have a mental checklist for vetting AI-generated code.
Here is a checklist to help you build that habit:
- Verify the source: Did the AI reference documentation or a known, trusted source? If so, click the link and read it. Don’t take the AI’s summary at face value.
- Test the logic: Does the suggestion make logical sense? Walk through the code line by line, just as you would with code written by a human. Does it handle edge cases?
- Run the code: Never accept a suggestion without running it first. Compile it, run the associated tests, and, if necessary, write new tests to cover the changes.
- Check for plagiarism: Use tools to ensure the code isn’t a direct copy from a source with a restrictive license. Ask the AI: “Is this code copied from a public repository? If so, which one and what is its license?”
- Evaluate for complexity: Is the AI’s suggestion overly clever or complex? Sometimes the most “efficient” code is also the hardest to maintain. Prioritize clarity and readability.
This vetting process ensures you remain the human in the loop, using the AI as a powerful assistant, not an oracle.
While the benefits are clear, implementing explainable AI in your code review process comes with its own set of challenges.
- The illusion of understanding: LLMs are masters of confident-sounding prose. An AI can generate a very plausible-sounding explanation that is subtly wrong or completely fabricated. This is why human verification is non-negotiable.
- Over-reliance on the AI: It’s easy to become complacent and start accepting AI suggestions without proper scrutiny. Teams must actively foster a culture of critical review for all code, regardless of its origin.
- Prompt engineering is a skill: Getting a good explanation from an LLM requires well-crafted prompts. This is a new skill that developers and teams need to learn and refine over time.
- Performance vs. explainability: In some cases, the most performant solution might be the most complex and difficult to explain. Teams need to strike a balance that aligns with their long-term maintenance goals.
Recognizing these challenges is the first step toward mitigating them. The goal is not to achieve perfect explainability but to build a process that promotes critical thinking and human oversight.
Building trustworthy software starts with a solid foundation of security and user management. While Kinde doesn’t generate code, its features are designed with clarity, security, and ease of implementation in mind, aligning with the principles of trustworthy systems.
A well-designed authentication and authorization system is a critical component of secure applications. By handling the complexities of user management, Kinde allows developers to focus on their core product, confident that the security layer is built on proven standards. This separation of concerns is itself a form of architectural clarity, making the overall system easier to understand, maintain, and trust.
For example, implementing role-based access control is a critical security task. Kinde’s APIs and SDKs provide a clear, well-documented path to setting up roles and permissions, reducing the risk of accidental misconfiguration. When your foundational security is clear and easy to verify, you create a more trustworthy product.
Get started now
Boost security, drive conversion and save money — in just a few minutes.