Navigating (in)security of AI-generated code

Cited by: 1
Authors
Ambati, Sri Haritha [1]
Ridley, Norah [1]
Branca, Enrico [1]
Stakhanova, Natalia [1]
Affiliations
[1] Univ Saskatchewan, Saskatoon, SK, Canada
Keywords
AI-generated code; ChatGPT; Bard; vulnerabilities;
DOI
10.1109/CSR61664.2024.10679468
Chinese Library Classification (CLC) number
TP [Automation technology, computer technology];
Discipline classification code
0812;
Abstract
The increasing use of large language models (LLMs) such as OpenAI's ChatGPT and Google's Bard in the software development industry raises questions about the security of generated code. Our research evaluates Java, C, and Python code samples that were generated by these LLMs. In our investigation, we assessed the consistency of code samples generated by each LLM, characterized the security of generated code, and asked both LLMs to evaluate and fix the weaknesses of their own generated code as well as the code of the other LLM. Using 133 unique prompts from Google Code Jam competitions, we produced 3,854 code samples across three distinct programming languages. We found that the code produced by these LLMs is frequently insecure and prone to weaknesses and vulnerabilities. This concerns human developers who must exercise caution while employing these LLMs.
Pages: 30 - 37
Page count: 8
Related papers
50 in total
  • [1] DeVAIC: A tool for security assessment of AI-generated code
    Cotroneo, Domenico
    De Luca, Roberta
    Liguori, Pietro
    INFORMATION AND SOFTWARE TECHNOLOGY, 2025, 177
  • [2] Automating the correctness assessment of AI-generated code for security contexts
    Cotroneo, Domenico
    Foggia, Alessio
    Improta, Cristina
    Liguori, Pietro
    Natella, Roberto
    JOURNAL OF SYSTEMS AND SOFTWARE, 2024, 216
  • [3] Poisoning Programs by Un-Repairing Code: Security Concerns of AI-generated Code
    Improta, Cristina
    2023 IEEE 34TH INTERNATIONAL SYMPOSIUM ON SOFTWARE RELIABILITY ENGINEERING WORKSHOPS, ISSREW, 2023, : 128 - 131
  • [4] AI-Generated Code Not Considered Harmful
    Kendon, Tyson
    Wu, Leanne
    Aycock, John
    PROCEEDINGS OF THE 25TH WESTERN CANADIAN CONFERENCE ON COMPUTING EDUCATION, 2023,
  • [5] Validating AI-Generated Code with Live Programming
    Ferdowsi, Kasra
    Huang, Ruanqianqian
    James, Michael B.
    Polikarpova, Nadia
    Lerner, Sorin
    PROCEEDINGS OF THE 2024 CHI CONFERENCE ON HUMAN FACTORS IN COMPUTING SYSTEMS (CHI 2024), 2024,
  • [6] Double-Edged Sword of LLMs: Mitigating Security Risks of AI-Generated Code
    Bharadwaj, Ramesh
    Parker, Ilya
    DISRUPTIVE TECHNOLOGIES IN INFORMATION SCIENCES VII, 2023, 12542
  • [7] Navigating the Ethical Terrain of AI-Generated Text Tools: A Review
    Abdelgadir Mohamed, Yasir
    Mohamed, Abdul Hakim H. M.
    Khanan, Akbar
    Bashir, Mohamed
    Adiel, Mousab A. E.
    Elsadig, Muawia A.
    IEEE ACCESS, 2024, 12 : 197061 - 197120
  • [8] Creating Thorough Tests for AI-Generated Code is Hard
    Singhal, Shreya
    Kumar, Viraj
    PROCEEDINGS OF THE 16TH ANNUAL ACM INDIA COMPUTE CONFERENCE, COMPUTE 2023, 2023, : 108 - 111
  • [9] Assessing AI Detectors in Identifying AI-Generated Code: Implications for Education
    Pan, Wei Hung
    Chok, Ming Jie
    Wong, Jonathan Leong Shan
    Shin, Yung Xin
    Poon, Yeong Shian
    Yang, Zhou
    Chong, Chun Yong
    Lo, David
    Lim, Mei Kuan
    2024 ACM/IEEE 44TH INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING: SOFTWARE ENGINEERING EDUCATION AND TRAINING, ICSE-SEET 2024, 2024, : 1 - 11
  • [10] A Quantitative Analysis of Quality and Consistency in AI-generated Code
    Clark, Autumn
    Igbokwe, Daniel
    Ross, Samantha
    Zibran, Minhaz F.
    2024 7TH INTERNATIONAL CONFERENCE ON SOFTWARE AND SYSTEM ENGINEERING, ICOSSE 2024, 2024, : 37 - 41