Salvato in:
| Autori principali: | , , , , , , , , , , , , , |
|---|---|
| Natura: | Preprint |
| Pubblicazione: |
2025
|
| Soggetti: | |
| Accesso online: | https://arxiv.org/abs/2507.19060 |
| Tags: |
Aggiungi Tag
Nessun Tag, puoi essere il primo ad aggiungerne!!
|
| _version_ | 1866918202230964224 |
|---|---|
| author | Liu, Jiawei Diwan, Nirav Wang, Zhe Zhai, Haoyu Zhou, Xiaona Nguyen, Kiet A. Yu, Tianjiao Wahed, Muntasir Deng, Yinlin Benkraouda, Hadjer Wei, Yuxiang Zhang, Lingming Lourentzou, Ismini Wang, Gang |
| author_facet | Liu, Jiawei Diwan, Nirav Wang, Zhe Zhai, Haoyu Zhou, Xiaona Nguyen, Kiet A. Yu, Tianjiao Wahed, Muntasir Deng, Yinlin Benkraouda, Hadjer Wei, Yuxiang Zhang, Lingming Lourentzou, Ismini Wang, Gang |
| contents | We introduce PurpCode, the first post-training recipe for training safe code reasoning models towards generating secure code and defending against malicious cyberactivities. PurpCode trains a reasoning model in two stages: (i) Rule Learning, which explicitly teaches the model to reference cybersafety rules to generate vulnerability-free code and to avoid facilitating malicious cyberactivities; and (ii) Reinforcement Learning, which optimizes model safety and preserves model utility through diverse, multi-objective reward mechanisms. To empower the training pipelines with comprehensive cybersafety data, we conduct internal red-teaming to synthesize comprehensive and high-coverage prompts based on real-world tasks for inducing unsafe cyberactivities in the model. Based on PurpCode, we develop a reasoning-based coding model, namely PurpCode-32B, which demonstrates state-of-the-art cybersafety, outperforming various frontier models. Meanwhile, our alignment method decreases the model overrefusal rates in both general and cybersafety-specific scenarios, while preserving model utility in both code generation and common security knowledge. |
| format | Preprint |
| id |
arxiv_https___arxiv_org_abs_2507_19060 |
| institution | arXiv |
| publishDate | 2025 |
| record_format | arxiv |
| spellingShingle | PurpCode: Reasoning for Safer Code Generation Liu, Jiawei Diwan, Nirav Wang, Zhe Zhai, Haoyu Zhou, Xiaona Nguyen, Kiet A. Yu, Tianjiao Wahed, Muntasir Deng, Yinlin Benkraouda, Hadjer Wei, Yuxiang Zhang, Lingming Lourentzou, Ismini Wang, Gang Cryptography and Security Computation and Language Machine Learning Software Engineering We introduce PurpCode, the first post-training recipe for training safe code reasoning models towards generating secure code and defending against malicious cyberactivities. PurpCode trains a reasoning model in two stages: (i) Rule Learning, which explicitly teaches the model to reference cybersafety rules to generate vulnerability-free code and to avoid facilitating malicious cyberactivities; and (ii) Reinforcement Learning, which optimizes model safety and preserves model utility through diverse, multi-objective reward mechanisms. To empower the training pipelines with comprehensive cybersafety data, we conduct internal red-teaming to synthesize comprehensive and high-coverage prompts based on real-world tasks for inducing unsafe cyberactivities in the model. Based on PurpCode, we develop a reasoning-based coding model, namely PurpCode-32B, which demonstrates state-of-the-art cybersafety, outperforming various frontier models. Meanwhile, our alignment method decreases the model overrefusal rates in both general and cybersafety-specific scenarios, while preserving model utility in both code generation and common security knowledge. |
| title | PurpCode: Reasoning for Safer Code Generation |
| topic | Cryptography and Security Computation and Language Machine Learning Software Engineering |
| url | https://arxiv.org/abs/2507.19060 |