Published in News

Microsoft uses AI to find bugs

17 April 2020


Will open source it

Software King of the World Microsoft has developed a system that it claims correctly distinguishes between security and non-security software bugs 99 percent of the time, and that accurately identifies the critical, high-priority security bugs on average 97 percent of the time.

In a statement, Vole said that it will open-source the methodology on GitHub, along with example models and other resources. The Volish software was trained on a data set of 13 million work items and bugs from 47,000 developers at Microsoft, stored across Azure DevOps and GitHub repositories. It is designed to support human experts.

Vole estimates that developers create 70 bugs per 1,000 lines of code and that fixing a bug takes 30 times longer than writing the code. Microsoft hopes that the software will help save the $113 billion that is spent annually on identifying and fixing product defects.

In the course of architecting the model, Microsoft says that security experts approved the training data and that statistical sampling was used to give those experts a manageable amount of data to review. The data was then encoded into representations called feature vectors. Microsoft researchers designed the system as a two-step process, in which the model first learned to classify bugs as security or non-security and then to apply severity labels -- critical, important, low-impact -- to the security bugs.
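The two-step process described above can be sketched as follows. This is an added example, not Microsoft's model or code: the bag-of-words encoding, the naive Bayes classifier, the names `featurize`, `NaiveBayes` and `triage`, and the ten bug titles are all assumptions constructed for illustration.

```python
import math
from collections import Counter, defaultdict

# Constructed sample bug titles: (title, severity); None marks a non-security bug.
TRAIN = [
    ("remote code execution in image parser", "critical"),
    ("buffer overflow in network packet parser allows code execution", "critical"),
    ("sql injection in login form", "important"),
    ("cross site scripting in profile page", "important"),
    ("verbose error message leaks server version", "low-impact"),
    ("stack trace leaks internal path in error page", "low-impact"),
    ("button misaligned on settings page", None),
    ("typo in installer dialog text", None),
    ("slow page load on dashboard", None),
    ("crash when saving empty document", None),
]

def featurize(title):
    """Encode a bug title as a feature vector (token -> count)."""
    return Counter(title.lower().split())

class NaiveBayes:
    """Multinomial naive Bayes with add-one smoothing (assumed stand-in model)."""
    def fit(self, rows):
        self.words, self.labels = defaultdict(Counter), Counter()
        for title, label in rows:
            self.labels[label] += 1
            self.words[label].update(featurize(title))
        self.vocab = {w for c in self.words.values() for w in c}
        return self

    def predict(self, title):
        def score(label):
            counts = self.words[label]
            denom = sum(counts.values()) + len(self.vocab)
            s = math.log(self.labels[label] / sum(self.labels.values()))
            for word, n in featurize(title).items():
                if word in self.vocab:  # tokens never seen in training are ignored
                    s += n * math.log((counts[word] + 1) / denom)
            return s
        return max(self.labels, key=score)

# Step 1 sees every bug; step 2 is trained on the security bugs only.
STEP1 = NaiveBayes().fit([(t, "security" if s else "non-security") for t, s in TRAIN])
STEP2 = NaiveBayes().fit([(t, s) for t, s in TRAIN if s])

def triage(title):
    """Return (class, severity); severity is None for non-security bugs."""
    if STEP1.predict(title) == "non-security":
        return ("non-security", None)
    return ("security", STEP2.predict(title))
```

Because the severity model never sees non-security bugs, a step-one mistake cannot be corrected in step two, so the two stages are best evaluated separately.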

Of course, it is unclear who or what checked the AI code.

Last modified on 17 April 2020