Secure code generation with LLMs
Bar, Kaushik
Secure code generation with LLMs : risk assessment and mitigation strategies - Vol.17(1), Feb - Hyderabad IUP Publications 2024 - 75-95p.
Artificial intelligence (AI)-powered code generation tools, such as GitHub Copilot and OpenAI Codex, have revolutionized software development by automating code synthesis. However, concerns remain about the security of AI-generated code and its susceptibility to vulnerabilities. This study investigates whether AI-generated code can match or surpass human-written code in security, using a systematic evaluation framework. It analyzes AIgenerated code samples from state-of-the-art large language models (LLMs) and compares them against human-written code using static and dynamic security analysis tools. Additionally, adversarial testing was done to assess the robustness of LLMs against insecure code suggestions. The findings reveal that while AI-generated code can achieve functional correctness, it frequently introduces security vulnerabilities, such as injection flaws, insecure cryptographic practices, and improper input validation. To mitigate these risks, securityaware training methods and reinforcement learning techniques were explored to enhance the security of AI-generated code. The results highlight the key challenges in AI-driven software development and propose guidelines for integrating AI-assisted programming safely in real-world applications. This paper provides critical insights into the intersection of AI and cybersecurity, paving the way for more secured AI-driven code synthesis models.
EXTC Engineering
Secure code generation with LLMs : risk assessment and mitigation strategies - Vol.17(1), Feb - Hyderabad IUP Publications 2024 - 75-95p.
Artificial intelligence (AI)-powered code generation tools, such as GitHub Copilot and OpenAI Codex, have revolutionized software development by automating code synthesis. However, concerns remain about the security of AI-generated code and its susceptibility to vulnerabilities. This study investigates whether AI-generated code can match or surpass human-written code in security, using a systematic evaluation framework. It analyzes AIgenerated code samples from state-of-the-art large language models (LLMs) and compares them against human-written code using static and dynamic security analysis tools. Additionally, adversarial testing was done to assess the robustness of LLMs against insecure code suggestions. The findings reveal that while AI-generated code can achieve functional correctness, it frequently introduces security vulnerabilities, such as injection flaws, insecure cryptographic practices, and improper input validation. To mitigate these risks, securityaware training methods and reinforcement learning techniques were explored to enhance the security of AI-generated code. The results highlight the key challenges in AI-driven software development and propose guidelines for integrating AI-assisted programming safely in real-world applications. This paper provides critical insights into the intersection of AI and cybersecurity, paving the way for more secured AI-driven code synthesis models.
EXTC Engineering