Skip to yearly menu bar Skip to main content


Poster
in
Workshop: Challenges in Deployable Generative AI

Large Language Models for Code: Security Hardening and Adversarial Testing

Jingxuan He · Martin Vechev

Keywords: [ prompt tuning ] [ large language models ] [ code generation ] [ security ]


Abstract:

Large language models (large LMs) are increasingly used to generate code. However, LMs lack awareness of security and are found to frequently produce unsafe code. This work studies the security of LMs along two important axes: (i) security hardening, which enhances LMs' reliability in generating secure code, and (ii) adversarial testing, which evaluates LMs' security at an adversarial standpoint. To address both, we propose a novel method called SVEN, which leverages continuous prompts to control LMs to generate secure or unsafe code. We optimize these continuous vectors by enforcing specialized loss terms on different code regions, using a high-quality dataset carefully curated by us. Our extensive evaluation shows that SVEN achieves strong security control and preserves functional correctness.

Chat is not available.