External Resources

Curated links to external research, documentation, tutorials, and community resources that complement the AEEF framework. Resources are organized by topic and verified for relevance.

Living Document

This page is updated quarterly. If you find a valuable resource that should be listed here, contribute via the Contributing Guide.

Research and Evidence

Academic and Industry Research

JetBrains: "Which AI Coding Tools Do Developers Actually Use" (April 2026) — 74% global AI tool adoption; Claude Code at 18% work usage, tied with Cursor; market dynamics analysis. https://blog.jetbrains.com/research/2026/04/which-ai-coding-tools-do-developers-actually-use-at-work/
Pragmatic Engineer: AI Tooling Survey 2026 (February) — 95% weekly AI usage; Claude Code #1 most-loved (46%); 55% regular agent usage; Codex explosive growth. https://newsletter.pragmaticengineer.com/p/ai-tooling-2026
GitClear: "Coding on Copilot" (2024) — The study behind AEEF's "1.7x more issues" statistic. Analyzes code quality trends across 150M+ lines of code with AI assistance. https://www.gitclear.com/coding_on_copilot_data_shows_ais_downward_pressure_on_code_quality
Stanford/UIUC: Security of AI-Generated Code (2023) — Found that AI-assisted developers produce less secure code while being more confident in its security. Source for the "2.74x vulnerability rate" statistic. https://arxiv.org/abs/2211.03622
GitHub: The State of the Octoverse (annual) — Tracks AI tool adoption rates across the developer ecosystem. 2026 report shows 51% of commits AI-assisted. https://github.blog/news-insights/octoverse/
McKinsey: "The Economic Potential of Generative AI" (2023) — Estimates that generative AI could increase developer productivity by 20-45%. https://www.mckinsey.com/capabilities/mckinsey-digital/our-insights/the-economic-potential-of-generative-ai-the-next-productivity-frontier
Google DeepMind: "Large Language Models for Code" (2024) — Survey of LLM capabilities and limitations for code generation. https://arxiv.org/abs/2311.10372
CodeRabbit: State of AI Code Quality Report 2026 — First comprehensive AI code quality dataset with methodology for local validation. https://coderabbit.ai

Security Research

OWASP: AI Security and Privacy Guide — Comprehensive guide to security risks in AI applications. https://owasp.org/www-project-ai-security-and-privacy-guide/
OWASP: Top 10 for LLM Applications — The most critical security risks for applications using LLMs. https://owasp.org/www-project-top-10-for-large-language-model-applications/
NIST AI Risk Management Framework — US government framework for AI risk management. https://www.nist.gov/artificial-intelligence/executive-order-safe-secure-and-trustworthy-artificial-intelligence

Tool Documentation

AI Coding Assistants

Tool	Official Docs	Getting Started
GitHub Copilot	docs.github.com/copilot	Quickstart
Cursor	docs.cursor.com	Getting Started
Claude Code	docs.anthropic.com/claude-code	Quickstart
OpenAI Codex CLI	github.com/openai/codex	CLI Reference
Kimi Code	platform.moonshot.cn	API Docs
Gemini Code Assist	cloud.google.com/gemini	Setup Guide
Cody (Sourcegraph)	sourcegraph.com/docs/cody	Getting Started
Continue.dev	docs.continue.dev	Quickstart
Windsurf	docs.codeium.com	Getting Started

Security Scanning Tools (Free)

Tool	What It Does	Docs
Semgrep	SAST — finds security patterns in code	semgrep.dev/docs
Trivy	Vulnerability scanner for containers and filesystems	aquasecurity.github.io/trivy
npm audit	Node.js dependency vulnerability checking	docs.npmjs.com/cli/audit
pip-audit	Python dependency vulnerability checking	github.com/pypa/pip-audit
govulncheck	Go vulnerability checking	pkg.go.dev/golang.org/x/vuln
TruffleHog	Secret detection in code	github.com/trufflesecurity/trufflehog

Standards and Frameworks

AI Governance Standards

Standard	Scope	Relevance
ISO/IEC 42001	AI Management System	Foundation for AEEF's governance structure
EU AI Act	European AI regulation	Compliance requirements for EU-serving organizations
EU AI Act Code of Practice	GPAI voluntary guidance	Transparency and safety requirements for general-purpose AI
NIST AI RMF	US AI risk management	Risk management approach referenced in Pillar 2
IEEE 7000	Ethical AI design	Ethics-by-design principles

Vendor-Published Standards

Standard	Publisher	Description
OpenAI Model Spec	OpenAI	Intended behavior specification for OpenAI models including tool use, safety, and refusal patterns
Anthropic AI Safety Framework	Anthropic	Comprehensive AI safety framework with risk assessment, transparency, and monitoring protocols
Google SAIF	Google	Secure AI Framework for enterprise AI security

Software Development Standards

Standard	Scope	Relevance
ISO 27001	Information security management	Security controls for AI tool data handling
SOC 2 Type II	Service organization controls	Audit evidence for AI governance
OWASP ASVS	Application security verification	Security testing requirements

KSA-Specific Regulations

Regulation	Authority	AEEF Reference
SAMA CSF	Saudi Central Bank	SAMA-CSF Integration
SDAIA AI Ethics	Saudi Data and AI Authority	SDAIA Ethics & Traceability
NTP/PDPL	Personal Data Protection Law	Data classification requirements

Learning Resources

Free Courses and Tutorials

GitHub Copilot Fundamentals — Official learning path for Copilot best practices https://learn.microsoft.com/en-us/training/modules/introduction-to-github-copilot/
Anthropic: Prompt Engineering Guide — Comprehensive guide to effective prompting https://docs.anthropic.com/en/docs/build-with-claude/prompt-engineering/overview
OpenAI Codex CLI Tutorial — Getting started with the open-source CLI agent https://github.com/openai/codex
Kimi API Documentation — Moonshot AI platform documentation https://platform.moonshot.cn/docs
DeepLearning.AI: ChatGPT Prompt Engineering for Developers — Free course on structured prompting https://www.deeplearning.ai/short-courses/chatgpt-prompt-engineering-for-developers/
Semgrep Academy — Free training on SAST and security scanning https://academy.semgrep.dev/

Books

"AI-Assisted Programming" by Tom Taulli (O'Reilly, 2024) — Practical guide covering Copilot, ChatGPT, and other tools for daily development
"Software Engineering at Google" (O'Reilly, 2020) — While pre-AI, its chapters on code review, testing culture, and engineering productivity directly inform AEEF's Pillar 1 and Pillar 3

Conference Talks (Recommended)

"The Hidden Costs of AI-Generated Code" (StrangeLoop 2024) — Analysis of AI code quality in production environments
"Responsible AI Engineering at Scale" (QCon 2024) — Enterprise AI governance practices
"Agent Swarm Patterns" (QCon 2026) — Multi-agent coordination architectures (search for latest)

Community

Discussion Forums

GitHub Discussions — Active community around Copilot, Codespaces, and AI development tools https://github.com/orgs/community/discussions
r/ChatGPTCoding — Reddit community focused on AI-assisted programming https://www.reddit.com/r/ChatGPTCoding/
Cursor Forum — Official community forum for Cursor users https://forum.cursor.com/
Kimi Community — Moonshot AI developer community (Chinese/English) https://platform.moonshot.cn/community

Newsletters

The AI Coding Report — Weekly digest of AI coding tool updates and best practices
TLDR AI — Daily AI news including development tool updates https://tldr.tech/ai
Pragmatic Engineer — In-depth engineering and AI tooling analysis https://newsletter.pragmaticengineer.com

Agentic Architecture References

Ashpreet Bedi: "Agentic Software Engineering" (2026) — Defines six pillars of agentic software (Durability, Isolation, Governance, Persistence, Scale, Composability) and a practical three-tier tool authority model (auto-execute / elicit / approve). The elicitation pattern has been adopted in PRD-STD-009. https://x.com/ashpreetberi
Agno (formerly Phidata) — Open-source agentic runtime platform providing containerized agent serving with persistent storage, structured elicitation, and layered tool approval. Demonstrates the infrastructure layer needed to run agents as production services. https://github.com/agno-agi/agno
Brij Kishore Pandey: Claude Code Project Structure — Reference directory layout for Claude Code projects with per-module CLAUDE.md files, structured .claude/ configuration (hooks, skills, settings), and separated tools/ and docs/ directories. Pattern adopted in Starter Repo Blueprints.
Moonshot AI: Kimi K2.5 Technical Report — Architecture details for Agent Swarm, multimodal training, and MoE design. https://github.com/MoonshotAI/Kimi-K2.5

Framework	Focus	How It Relates to AEEF
DORA Metrics	DevOps performance	AEEF's KPI framework incorporates DORA-style metrics
SPACE Framework	Developer productivity	Informs AEEF's Pillar 3 productivity measurement approach
Microsoft's Responsible AI Standard	Enterprise AI governance	Similar governance structure, broader scope (not code-specific)
Google's SAIF	Secure AI Framework	Security-focused complement to AEEF's Pillar 2
OpenAI Model Spec	Model behavior specification	Behavioral expectations for tool integration
Anthropic Safety Framework	AI safety research	Governance-aligned research and red-teaming approaches

Changelog

Date	Changes
April 2026	Added JetBrains 2026 survey, Pragmatic Engineer 2026, OpenAI Model Spec, Anthropic Safety Framework, Kimi Code documentation
February 2026	Initial v1.0.0 release

Research and Evidence​

Academic and Industry Research​

Security Research​

Tool Documentation​

AI Coding Assistants​

Security Scanning Tools (Free)​

Standards and Frameworks​

AI Governance Standards​

Vendor-Published Standards​

Software Development Standards​

KSA-Specific Regulations​

Learning Resources​

Free Courses and Tutorials​

Books​

Conference Talks (Recommended)​

Community​

Discussion Forums​

Newsletters​

Agentic Architecture References​

Related Frameworks​

Changelog​