Engineers Debate Certifying AI-Generated Code

The use of AI in safety-critical software development is sparking debate over certification pathways. An opinion piece explores how to navigate DO-178C for AI-generated code in aerospace. The discussion highlights the challenge of applying traditional verification methods like MC/DC and traceability, which are central to DO-178C, to non-deterministic AI models.

The core issue with certifying AI-generated code under DO-178C is the standard's foundation in deterministic, provable software, whereas AI models are probabilistic. For the most critical software (DAL A), every single line of code must be traceable to a requirement and its logic exhaustively tested, a standard that fundamentally clashes with the nature of a neural network, which learns from data rather than being explicitly designed. Modified Condition/Decision Coverage (MC/DC), a cornerstone of DO-178C for DAL A, requires demonstrating that each condition in a decision can independently affect the outcome. This is nearly impossible for a neural network, where millions of weighted parameters act as a single, complex decision-making unit, making it infeasible to isolate and test the "independence" of a single parameter.

To bridge this gap, new verification strategies are emerging. One key approach is Runtime Assurance (RTA), which uses a certified safety monitor to watch the AI's behavior during operation. If the AI component attempts an unsafe action, a simpler, verified recovery function takes over, ensuring the system remains within safe operational bounds as outlined in standards like ASTM F3269.

Another approach involves Formal Methods, which use mathematical techniques to prove that a system's behavior will remain within specified boundaries. Instead of testing a near-infinite number of scenarios, methods like abstract interpretation and reachability analysis can verify properties of a neural network, such as ensuring its outputs for all possible inputs within a defined range stay within a safe region.

Regulatory bodies are proceeding with caution. The European Union Aviation Safety Agency (EASA) is taking a more prescriptive approach, releasing its "AI Roadmap 2.0" and concept papers to guide development. The FAA's "Roadmap for Artificial Intelligence Safety Assurance" is currently less prescriptive, aiming to encourage innovation by allowing the industry to mature the technology before setting firm rules.

The challenge of explainability is also central to the debate. Before regulators can certify an AI, developers must be able to explain how the model arrives at its decisions, a field known as Explainable AI (XAI). This is crucial for understanding potential failure modes and building trust in the system's autonomy.

While full certification remains a future goal, AI is already flying in complex, safety-critical scenarios. In 2023, DARPA's Air Combat Evolution (ACE) program used AI agents to autonomously fly the X-62A VISTA, a modified F-16, in simulated dogfights against a human-piloted F-16. These tests, with safety pilots on board, are providing critical data on human-machine teaming and autonomous tactical maneuvering.
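
The formal-methods idea described above (bounding a network's outputs for every input in a range instead of sampling inputs) can be shown with interval bound propagation, one simple form of abstract interpretation. This is an added example, not code from the article or any cited program; the network weights, input box and safe limits are constructed for illustration.

```python
# Added example: interval bound propagation (a simple abstract interpretation)
# over a tiny ReLU network. Weights, input box and limits are constructed.

def affine_bounds(W, b, lo, hi):
    """Sound bounds on W @ x + b for every x in the box [lo, hi]."""
    out_lo, out_hi = [], []
    for row, bias in zip(W, b):
        l = h = bias
        for w, xl, xh in zip(row, lo, hi):
            # A negative weight maps the input's upper end to the lower bound.
            l += w * (xl if w >= 0 else xh)
            h += w * (xh if w >= 0 else xl)
        out_lo.append(l)
        out_hi.append(h)
    return out_lo, out_hi

def output_bounds(layers, lo, hi):
    """Push the input box through every layer (ReLU after all but the last)."""
    for i, (W, b) in enumerate(layers):
        lo, hi = affine_bounds(W, b, lo, hi)
        if i < len(layers) - 1:
            lo = [max(0.0, v) for v in lo]
            hi = [max(0.0, v) for v in hi]
    return lo, hi

def forward(layers, x):
    """Concrete evaluation of one input, used to spot-check the bounds."""
    for i, (W, b) in enumerate(layers):
        x = [sum(w * v for w, v in zip(row, x)) + bias for row, bias in zip(W, b)]
        if i < len(layers) - 1:
            x = [max(0.0, v) for v in x]
    return x

def verify(layers, lo, hi, limit):
    """True: |output| <= limit is proven for all inputs in the box.
    False: not proven; the bounds over-approximate, so this is not a counterexample."""
    out_lo, out_hi = output_bounds(layers, lo, hi)
    return all(-limit <= l and h <= limit for l, h in zip(out_lo, out_hi))

# Constructed network: 2 inputs -> 2 hidden ReLU units -> 1 output command.
NET = [
    ([[1.0, -1.0], [0.5, 0.5]], [0.0, -0.25]),
    ([[1.0, -2.0]], [0.5]),
]
BOX_LO, BOX_HI = [-1.0, -1.0], [1.0, 1.0]

if __name__ == "__main__":
    print(output_bounds(NET, BOX_LO, BOX_HI))   # ([-1.0], [2.5])
    print(verify(NET, BOX_LO, BOX_HI, 3.0), verify(NET, BOX_LO, BOX_HI, 2.0))
```

A `True` result covers the whole input box without enumerating it; a `False` result only means the property was not proven at this level of precision, and tighter abstractions or input splitting are the usual next step.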
