Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Yan, Hao, Vaidya, Swapneel Suhas, Zhang, Xiaokuan, Yao, Ziyu
Format: Preprint
Veröffentlicht: 2025
Schlagworte:
Online-Zugang:https://arxiv.org/abs/2506.23034
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
_version_ 1866915364035624960
author Yan, Hao
Vaidya, Swapneel Suhas
Zhang, Xiaokuan
Yao, Ziyu
author_facet Yan, Hao
Vaidya, Swapneel Suhas
Zhang, Xiaokuan
Yao, Ziyu
contents Large Language Models (LLMs) have become powerful tools for automated code generation. However, these models often overlook critical security practices, which can result in the generation of insecure code that contains vulnerabilities-weaknesses or flaws in the code that attackers can exploit to compromise a system. However, there has been limited exploration of strategies to guide LLMs in generating secure code and a lack of in-depth analysis of the effectiveness of LLMs in repairing code containing vulnerabilities. In this paper, we present a comprehensive evaluation of state-of-the-art LLMs by examining their inherent tendencies to produce insecure code, their capability to generate secure code when guided by self-generated vulnerability hints, and their effectiveness in repairing vulnerabilities when provided with different levels of feedback. Our study covers both proprietary and open-weight models across various scales and leverages established benchmarks to assess a wide range of vulnerability types. Through quantitative and qualitative analyses, we reveal that although LLMs are prone to generating insecure code, advanced models can benefit from vulnerability hints and fine-grained feedback to avoid or fix vulnerabilities. We also provide actionable suggestions to developers to reduce vulnerabilities when using LLMs for code generation.
format Preprint
id arxiv_https___arxiv_org_abs_2506_23034
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle Guiding AI to Fix Its Own Flaws: An Empirical Study on LLM-Driven Secure Code Generation
Yan, Hao
Vaidya, Swapneel Suhas
Zhang, Xiaokuan
Yao, Ziyu
Software Engineering
Large Language Models (LLMs) have become powerful tools for automated code generation. However, these models often overlook critical security practices, which can result in the generation of insecure code that contains vulnerabilities-weaknesses or flaws in the code that attackers can exploit to compromise a system. However, there has been limited exploration of strategies to guide LLMs in generating secure code and a lack of in-depth analysis of the effectiveness of LLMs in repairing code containing vulnerabilities. In this paper, we present a comprehensive evaluation of state-of-the-art LLMs by examining their inherent tendencies to produce insecure code, their capability to generate secure code when guided by self-generated vulnerability hints, and their effectiveness in repairing vulnerabilities when provided with different levels of feedback. Our study covers both proprietary and open-weight models across various scales and leverages established benchmarks to assess a wide range of vulnerability types. Through quantitative and qualitative analyses, we reveal that although LLMs are prone to generating insecure code, advanced models can benefit from vulnerability hints and fine-grained feedback to avoid or fix vulnerabilities. We also provide actionable suggestions to developers to reduce vulnerabilities when using LLMs for code generation.
title Guiding AI to Fix Its Own Flaws: An Empirical Study on LLM-Driven Secure Code Generation
topic Software Engineering
url https://arxiv.org/abs/2506.23034