Double-edged sword of LLMs: mitigating security risks of AI-generated code

Ramesh Bharadwaj; Ilya Parker

doi:10.1117/12.2664116

15 June 2023 Double-edged sword of LLMs: mitigating security risks of AI-generated code

Ramesh Bharadwaj, Ilya Parker

Proceedings Volume 12542, Disruptive Technologies in Information Sciences VII; 125420I (2023) https://doi.org/10.1117/12.2664116
Event: SPIE Defense + Commercial Sensing, 2023, Orlando, Florida, United States

Abstract

With the increasing reliance on collaborative and cloud-based systems, there is a drastic increase in attack surfaces and code vulnerabilities. Automation is key for fielding and defending software systems at scale. Researchers in Symbolic AI have had considerable success in finding flaws in human-created code. Also, run-time testing methods such as fuzzing do uncover numerous bugs. However, the major deficiency of both approaches is the inability of the methods to fix the discovered errors. They also do not scale and defy automation. Static analysis methods also suffer from the false positive problem – an overwhelming number of reported flaws are not real bugs. This brings up an interesting conundrum: Symbolic approaches actually have a detrimental impact on programmer productivity, and therefore do not necessarily contribute to improved code quality. What is needed is a combination of automation of code generation using large language models (LLMs), with scalable defect elimination methods using symbolic AI, to create an environment for the automated generation of defect-free code.

Conference Presentation

Citation Download Citation

Ramesh Bharadwaj and Ilya Parker "Double-edged sword of LLMs: mitigating security risks of AI-generated code", Proc. SPIE 12542, Disruptive Technologies in Information Sciences VII, 125420I (15 June 2023); https://doi.org/10.1117/12.2664116

ACCESS THE FULL ARTICLE

INSTITUTIONAL
Select your institution to access the SPIE Digital Library.

SELECT YOUR INSTITUTION

PERSONAL
Sign in with your SPIE account to access your personal subscriptions or to use specific features such as save to my library, sign up for alerts, save searches, etc.

PERSONAL SIGN IN

No SPIE Account? Create one

PURCHASE THIS CONTENT

SUBSCRIBE TO DIGITAL LIBRARY

50 downloads per 1-year subscription

Members: $195

Non-members: $335 ADD TO CART

25 downloads per 1 - year subscription

Members: $145

Non-members: $250 ADD TO CART

PURCHASE SINGLE ARTICLE

Includes PDF, HTML & Video, when available

Members: $17.00

Non-members: $21.00 ADD TO CART

PROCEEDINGS
6 PAGES + PRESENTATION

DOWNLOAD PAPER SAVE TO MY LIBRARY

WATCH
PRESENTATION

GET CITATION

RIGHTS & PERMISSIONS

Get copyright permission Get copyright permission on Copyright Marketplace

KEYWORDS

Artificial intelligence

Error analysis

Software development

Transformers

Machine learning

RELATED CONTENT

Acronym identification based on SpanBERT-CRF
Proceedings of SPIE (September 07 2022)

FNCSE contrastive learning for unsupervised sentence embedding with false...
Proceedings of SPIE (August 15 2023)

Artificial intelligence power grid parameter generation and identification method based...
Proceedings of SPIE (August 06 2023)

The technology of searching the associative rules while developing the...
Proceedings of SPIE (August 07 2017)

Automated Knowledge Acquisition Techniques For Intelligence Analysts
Proceedings of SPIE (March 21 1989)

PSD-BPA-based method for updating grid mode data
Proceedings of SPIE (September 25 2023)

Dynamic combined prediction method for error state of capacitor voltage...
Proceedings of SPIE (May 13 2024)

Subscribe to Digital Library

Receive Erratum Email Alert

Keywords/Phrases

Search In:

Publication Years