Neon sunglasses logo

troels.im

Level Up Your Coding Game with AI & Rust!

Made with ❤️ by @troels_im

Raining colors

Why Rust Is the Perfect Language for AI-Assisted Development

If you've been following the AI coding debate, you've probably heard both extremes: either AI will replace all developers by next Tuesday, or it's just overhyped autocomplete that writes buggy code. The truth, as usual, is more interesting than either extreme.

Google just dropped some compelling data from Android development that cuts through the noise. After years of integrating Rust into Android, they're seeing a 1000x reduction in memory safety vulnerability density compared to C and C++. But here's what caught my attention: Rust code has a 4x lower rollback rate and spends 25% less time in code review.

Think about that for a second. The safer code is also the faster code to ship.

This isn't just a security win—it's a fundamental shift in how we think about the relationship between safety and velocity. And it has everything to do with why Rust is uniquely suited for the AI-assisted development era we're living in.

The AI Velocity Paradox

Here's the uncomfortable reality: AI tools help you write code faster, but that speed often creates downstream chaos. You're shipping more code, sure, but you're also shipping more bugs, more security vulnerabilities, and more technical debt that someone—probably you—will have to deal with later.

Studies show that up to 40% of AI-generated code contains bugs or security flaws. When you're accepting suggestions at breakneck speed, how many of those flaws are making it into production?

The problem isn't AI—it's that most languages don't have strong enough guardrails to catch AI's mistakes before they become your problems.

Rust's Compiler: Your AI's Safety Net

This is where Rust changes the game. Rust's compiler is famously strict—some would say annoyingly strict. It forces you to handle errors, manage memory correctly, and think through edge cases before your code even compiles.

When you're working with AI-generated code, this strictness becomes your superpower.

Let me give you a concrete example. Say you prompt an AI assistant to generate some code that manipulates a vector. In languages like Python or JavaScript, the AI might give you code that looks clean but has subtle bugs: off-by-one errors, null pointer dereferences, race conditions in concurrent code.

That code will run. It might even pass your tests. But it'll fail in production when you hit that edge case the AI didn't consider.

In Rust? That code won't compile. The compiler forces the AI—and you—to handle the error cases, manage ownership correctly, and think through the concurrent access patterns. The bugs that would be runtime failures in other languages become compile-time errors in Rust.

The Android Data Tells the Story

Google's Android team has been living this reality for years now. They adopted Rust specifically for its security benefits, but the productivity gains caught them by surprise.

With Rust changes having a 4x lower rollback rate than C++, you're not just writing safer code—you're saving yourself from the organizational nightmare that rollbacks create. Rollbacks mean emergency meetings, postmortems, new safeguards, and process overhead that slows down everyone.

The 25% reduction in code review time is equally telling. When the compiler has already caught the obvious bugs, reviewers can focus on architecture, business logic, and the things that actually matter. You're not wasting time pointing out null checks and memory leaks that Rust would never have allowed in the first place.

Why This Matters for AI-Assisted Development

When you're using AI to accelerate development, you need strong feedback loops. You need to know when the AI has made a mistake, and you need to know it immediately—not three weeks later when a customer reports a crash.

Rust gives you those feedback loops through its type system and compiler. It's like having a second AI assistant that specializes in catching the first AI's mistakes.

Here's what this looks like in practice:

Type-driven development: Rust's strong type system helps guide AI suggestions. When you define your types clearly, the AI has a much better understanding of what code is valid and what isn't.

Immediate feedback: The compiler catches issues instantly. No need to write extensive tests to catch basic safety violations—the compiler does that for you.

Forced error handling: Rust's Result and Option types force you to handle errors explicitly. This means AI-generated code can't silently ignore failures or return null when you're not expecting it.

Memory safety without garbage collection: You get predictable performance and no memory leaks, even when rapidly iterating with AI assistance.

The Near-Miss That Proves the Point

Google recently had what they call a "near-miss"—they almost shipped their first Rust-based memory safety vulnerability in Android. A linear buffer overflow in CrabbyAVIF that was caught before release.

But here's the key insight: even with this near-miss, their estimated vulnerability density for Rust is 0.2 vulnerabilities per million lines of code. For C and C++? It's closer to 1,000 per million lines.

That's not a rounding error. That's a fundamental shift in what's possible.

And even in that near-miss, Android's hardened allocator (Scudo) made the vulnerability non-exploitable. The defense-in-depth approach worked, but the fact that Rust got them this close to zero vulnerabilities in the first place is remarkable.

The "Unsafe" Question

Now, some of you are thinking: "But Rust has unsafe blocks! Doesn't that defeat the purpose?"

Google's data addresses this directly. Roughly 4% of Rust code uses unsafe blocks, and the speculation has been that this unsafe code might be more buggy than regular C or C++.

The evidence shows this to be wrong. Even conservative estimates suggest that unsafe Rust is significantly safer than equivalent C or C++ code.

Why? A few reasons:

  1. Limited scope: Unsafe blocks are isolated, small, and clearly marked. You know exactly where the risky code lives.
  1. Safe abstractions: Unsafe code is typically wrapped in safe APIs, limiting the blast radius of any potential bugs.
  1. Heightened scrutiny: Because unsafe blocks are explicit, they receive much more careful review and attention.
  1. Better tooling: The Rust ecosystem has excellent tools for auditing and analyzing unsafe code.

When you're using AI to generate Rust code, unsafe blocks are rare, and when they do appear, they're obvious. You can immediately flag them for extra review.

Moving Fast While Fixing Things

The traditional trade-off in software development has been: you can move fast, or you can be safe, but not both. Google's subtitle for their blog post captures the paradigm shift: "move fast and fix things."

Not "move fast and break things." Not "go slow to stay safe." Move fast AND fix things.

This is exactly what you want when working with AI assistants. You want to leverage AI's speed while maintaining—or even improving—code quality and security.

Rust makes this possible because:

  • The compiler catches mistakes immediately: No waiting for tests, code review, or production incidents to find basic safety violations.
  • Type inference reduces boilerplate: You get safety without drowning in type annotations.
  • The ecosystem is modern: Cargo, the standard tooling, and the community practices all align with rapid, iterative development.
  • Zero-cost abstractions: You can write high-level code without sacrificing performance.

Practical Implications

If you're doing serious development with AI assistance, here's what this means for you:

Start with clear types: Define your data structures and APIs clearly. This gives both you and the AI a solid foundation to build on.

Trust the compiler: When Rust's compiler complains, listen. It's often catching bugs that would be subtle runtime failures in other languages.

Embrace the strict error handling: Yes, dealing with Result and Option types can feel verbose at first, but it forces you to think through error cases that AI-generated code often ignores.

Use AI for boilerplate: Let AI generate the repetitive code—Rust's compiler will catch any mistakes. Focus your human attention on architecture and business logic.

Review unsafe blocks carefully: If AI generates unsafe code, that's your signal to slow down and review carefully. But you'll find this happens rarely.

The Future Is Already Here

The Android data isn't theoretical. It's production code, at massive scale, over multiple years. This isn't a proof of concept—it's proof that works.

As AI coding assistants become more prevalent, the languages that provide strong compile-time guarantees will pull ahead. You'll be able to move faster because you'll spend less time debugging, less time in code review, and less time dealing with production incidents.

The question isn't whether AI will change how we code—it already has. The question is: are you using tools that amplify AI's strengths while compensating for its weaknesses?

Rust does exactly that. The compiler is strict enough to catch AI's mistakes, but flexible enough to let you move fast. The type system is strong enough to guide AI suggestions, but ergonomic enough that you're not fighting it all day.

We're at an inflection point. The developers who figure out how to use AI effectively, with languages that provide proper guardrails, are going to be dramatically more productive than those who don't.

And right now, Rust is offering the best of both worlds: AI-assisted velocity with compile-time safety guarantees that actually work.

Wrapping Up

The data from Android is clear: Rust's combination of safety and velocity isn't a trade-off—it's a multiplier. When you're using AI to accelerate development, you need that multiplier more than ever.

Memory safety vulnerabilities down by 1000x. Rollback rates down by 4x. Code review time down by 25%. These aren't small improvements—they're transformational.

If you're betting on AI to accelerate your development workflow, you should also be betting on languages that make AI-generated code safer by default. Right now, that means Rust.

The future of development isn't just AI-assisted. It's AI-assisted with strong compile-time guarantees. And Rust is showing us what that future looks like today.