Spectra Assure Free Trial
Get your 14-day free trial of Spectra Assure
Get Free TrialMore about Spectra Assure Free TrialHow AI coding is breathing new life into Rust
AI tools are making Rust a favorite language of developers — even those maintaining codebases like Microsoft’s.
Having gained adherents year after year over the past decade, the Rust programming language may be about to break out in new ways, as its well-known security, performance, and reliability combine with AI to improve existing codebases.
Microsoft distinguished engineer Galen Hunt kicked off a broad discussion on this topic when he wrote on LinkedIn about how he is leveraging Rust alongside AI coding: “My goal is to eliminate every line of C and C++ from Microsoft by 2030. Our strategy is to combine AI and algorithms to rewrite Microsoft’s largest codebases.”
And tech journalist Stephen J. Vaughan-Nichols wrote recently that Microsoft isn’t alone in teaming Rust with AI. “As I’ve been covering for some time now, the Linux developer community is also deeply engaging with AI and Rust. Linus Torvalds himself recently declared himself ‘a huge believer’ in using AI to maintain code.”
Stephen J. Vaughan-NicholsMaintainers and developers are now using AI to help build Linux. Simultaneously, Rust has graduated to being a co-equal language with C for mainstream Linux development.
Here’s what you need to know about the big shift to Rust — and how AI coding is making that a reality.
See webinar: Develop a Playbook for AI-Driven Software Risk
How does AI coding bolster Rust?
Rust appears to be benefiting from AI’s ability to make it easier to migrate from one programming language to another, said Jonathan Creekmore, a principal engineer at Dark Sky Technology. “If you take the simplest case of just AI-assisted code completion, AI can help you remember or learn syntax or standard library functions of the new programming language,” he explained.
Jonathan CreekmoreFurther, after you have written code, it is really easy to ask the AI, ‘Is this code I have written idiomatic for the language?’ and get feedback on how to make the code more idiomatic for the target language.
Does faster migration come with any caveats?
Creekmore cautioned that while AI can make migration easier, it does not eliminate the need to understand language semantics, runtime behavior, or ecosystem tradeoffs.
And Melody (MJ) Kaufmann, an author and instructor at O’Reilly Media, said that while AI has made language migration faster and more approachable — especially from C or C++ to Rust — it hasn’t made it automatic.
Melody (MJ) KaufmannIt’s very good at translating patterns and reducing friction, but humans still have to decide what the code should be, not just what it can be translated into.
Rosario Mastrogiacomo, chief strategy officer for Sphere Technology Solutions, is more skeptical. He said large language models (LLMs) are good at translating syntax, “shape-mapping” APIs, and producing first-pass rewrites that compile, as well as helping with the unglamorous work of generating wrappers, shims, scaffolding, and test harnesses.
Rosario MastrogiacomoBut the hard part of language migration is rarely syntax. It’s semantics and invariants: memory ownership assumptions, lifetime rules, concurrency contracts, error-handling behavior, performance characteristics, and compatibility expectations. AI helps you move faster, but it doesn’t automatically know what ‘correct’ means in a production OS subsystem without strong specs, tests, fuzzing, and human review.
Christopher Robinson, chief security architect at the Open Source Security Foundation (OpenSSF), said that while AI can help provide faster paths to learn about and pivot between languages on small projects, it is challenged by complex or composite codebases. “It lacks the context that exists in these older, large, complex systems, and that’s before you get to defend against hallucinations or other unique nuances of these large AI systems,” he said.
Christopher RobinsonIf anyone is looking to use AI to wholesale convert between languages, it is strongly suggested that experts review the proposed changes prior to deploying into existing projects to ensure it functions as intended and doesn’t introduce unplanned regressions or new vulnerabilities.
Is rewriting an OS in Rust a smart move?
O’Reilly’s Kaufmann said there would be some big advantages to rewriting Windows or Linux in Rust. "Rust changes the economics of OS security by eliminating entire classes of memory bugs before code ever ships, which reduces the long-term cost of fixing and responding to vulnerabilities,” she said.
The OpenSSF’s Robinson said that the major advantage to reimplementing portions of an operating system such as Windows or Linux in Rust is to take advantage of Rust’s strong type system to better encode the invariants around the interfaces in an operating system. “Since C is so bare-bones, a lot of invariants are described using code comments or documentation, and programmers have to keep a lot of context in their heads to write tricky kernel code correctly while respecting the invariants,” he explained.
Christopher RobinsonIn a strongly typed language like Rust, many invariants can be directly expressed in the type system, and the compiler can be leveraged to help make sure that the kernel programmer did the right thing.
Robinson also pointed out that while not all kernel code can be written using safe Rust, the unsafe keyword highlights exactly where extra scrutiny is required during review. “While not all kernel code in Rust can be safe, there is no safe subset of the C language, so all C code is effectively unsafe,” he noted. “That said, Rust is a more complex language and introduces a steeper learning curve, which can slow initial development for teams new to it.”
Joel Marcey, director of technology at the Rust Foundation, said that rewriting an operating system from scratch “would be a task of monumental proportions.”
Joel MarceyThese systems consist of tens of millions of lines of code and deeply intertwined dependencies. The pragmatic approach is incremental adoption — introducing Rust in carefully selected components where its benefits are most impactful.
Rust’s memory safety guarantees, performance characteristics, and strong tooling can reduce entire classes of vulnerabilities while maintaining low-level control, Marcey said. “A strong interoperability strategy is essential, allowing Rust components to coexist with existing C and C++ code,” he continued. “That’s how you gain security and reliability benefits without destabilizing mature systems.”
Why a Rust-only OS is unlikely
Marcey argued that an entirely Rust-based Windows or Linux is unlikely in the foreseeable future. “These operating systems have decades of legacy code, hardware dependencies, and ecosystem expectations built around C and C++,” he said.
Joel MarceyWhat we are already seeing — and will likely continue to see — is increased adoption of Rust in new components where safety and reliability are paramount. Over time, this can meaningfully improve the overall security posture of these systems without requiring an unrealistic, wholesale rewrite.
Dark Sky’s Creekmore said he is also skeptical about a Rust-only Windows or Linux. “I won’t say never, but I doubt it, even with the presence of automated conversion tools leveraging AI. I have seen many efforts over the years to convert from older languages to newer ones,” he continued. “It was going to happen with COBOL to Java, and there is still a lot of COBOL. It was going to happen with Ada and C++, and there is still Ada out there. Fortran is out there and will never die.”
Jonathan CreekmoreWhen you have working code, there is a lot of cost and risk associated with changing that working code into a new language — even if it is in a memory-unsafe language. The cost of the project is not just the cost associated with converting the code, but the cost associated with validating that the conversion did not break anything. What we are far more likely to see is incremental Rust adoption in new subsystems.