Double-edged sword of LLMs: mitigating security risks of AI-generated code

Ramesh Bharadwaj; Ilya Parker

doi:10.1117/12.2664116

15 June 2023 Double-edged sword of LLMs: mitigating security risks of AI-generated code

Ramesh Bharadwaj, Ilya Parker

Author Affiliations +

Proceedings Volume 12542, Disruptive Technologies in Information Sciences VII; 125420I (2023) https://doi.org/10.1117/12.2664116
Event: SPIE Defense + Commercial Sensing, 2023, Orlando, Florida, United States

Abstract

With the increasing reliance on collaborative and cloud-based systems, there is a drastic increase in attack surfaces and code vulnerabilities. Automation is key for fielding and defending software systems at scale. Researchers in Symbolic AI have had considerable success in finding flaws in human-created code. Also, run-time testing methods such as fuzzing do uncover numerous bugs. However, the major deficiency of both approaches is the inability of the methods to fix the discovered errors. They also do not scale and defy automation. Static analysis methods also suffer from the false positive problem – an overwhelming number of reported flaws are not real bugs. This brings up an interesting conundrum: Symbolic approaches actually have a detrimental impact on programmer productivity, and therefore do not necessarily contribute to improved code quality. What is needed is a combination of automation of code generation using large language models (LLMs), with scalable defect elimination methods using symbolic AI, to create an environment for the automated generation of defect-free code.

Conference Presentation

Citation Download Citation

Ramesh Bharadwaj and Ilya Parker "Double-edged sword of LLMs: mitigating security risks of AI-generated code", Proc. SPIE 12542, Disruptive Technologies in Information Sciences VII, 125420I (15 June 2023); https://doi.org/10.1117/12.2664116

ACCESS THE FULL ARTICLE

INSTITUTIONAL
Select your institution to access the SPIE Digital Library.

SELECT YOUR INSTITUTION

PERSONAL
Sign in with your SPIE account to access your personal subscriptions or to use specific features such as save to my library, sign up for alerts, save searches, etc.

PERSONAL SIGN IN

No SPIE Account? Create one

;

PURCHASE THIS CONTENT

SUBSCRIBE TO DIGITAL LIBRARY

50 downloads per 1-year subscription

Members: $195

Non-members: $335 ADD TO CART

25 downloads per 1 - year subscription

Members: $145

Non-members: $250 ADD TO CART

PURCHASE SINGLE ARTICLE

Includes PDF, HTML & Video, when available

Members: $17.00

Non-members: $21.00 ADD TO CART

PROCEEDINGS
6 PAGES + PRESENTATION

DOWNLOAD PAPER SAVE TO MY LIBRARY

WATCH
PRESENTATION

GET CITATION

RIGHTS & PERMISSIONS

Get copyright permission Get copyright permission on Copyright Marketplace

KEYWORDS

Artificial intelligence

Error analysis

Software development

Transformers

Machine learning

RELATED CONTENT

Acronym identification based on SpanBERT-CRF
Proceedings of SPIE (September 07 2022)

Curriculum-heavy reinforcement learning for multi-domain operations
Proceedings of SPIE (June 12 2023)

Application of artificial intelligence technology in real time electricity price...
Proceedings of SPIE (May 31 2023)

A review for ontology construction from unstructured texts by using...
Proceedings of SPIE (April 22 2022)

Improved face transformer model for facial emotion recognition in human...
Proceedings of SPIE (June 07 2024)

Applying machine learning to electronic form filling
Proceedings of SPIE (March 11 1993)

Development Of Knowledge Systems For Trouble Shooting Complex Production Machinery
Proceedings of SPIE (May 11 1987)

Subscribe to Digital Library

Receive Erratum Email Alert

Keywords/Phrases

Search In:

Publication Years