Enregistré dans:
Détails bibliographiques
Auteurs principaux: Sabir, Bushra, Liu, Shigang, Jang, Seung Ick, Abuadbba, Sharif, Gao, Yansong, Moore, Kristen, Kim, SangCheol, Kim, Hyoungshick, Nepal, Surya
Format: Preprint
Publié: 2026
Sujets:
Accès en ligne:https://arxiv.org/abs/2603.22717
Tags: Ajouter un tag
Pas de tags, Soyez le premier à ajouter un tag!
_version_ 1866915886091206656
author Sabir, Bushra
Liu, Shigang
Jang, Seung Ick
Abuadbba, Sharif
Gao, Yansong
Moore, Kristen
Kim, SangCheol
Kim, Hyoungshick
Nepal, Surya
author_facet Sabir, Bushra
Liu, Shigang
Jang, Seung Ick
Abuadbba, Sharif
Gao, Yansong
Moore, Kristen
Kim, SangCheol
Kim, Hyoungshick
Nepal, Surya
contents Automatically generating source code from natural language using large language models (LLMs) is becoming common, yet security vulnerabilities persist despite advances in fine tuning and prompting. In this work, we systematically evaluate whether multi LLM ensembles and collaborative strategies can meaningfully improve secure code generation. We present MULTI-LLMSECCODEEVAL, a framework for assessing and enhancing security across the vulnerability management lifecycle by combining multiple LLMs with static analysis and structured collaboration. Using SecLLMEval and SecLLMHolmes, we benchmark ten pipelines spanning single model, ensemble, collaborative, and hybrid designs. Our results show that ensemble pipelines augmented with static analysis improve secure code generation over single LLM baselines by up to 47.3% on SecLLMEval and 19.3% on SecLLMHolmes, while purely LLM based collaborative pipelines yield smaller gains of 8.9% to 22.3%. Hybrid pipelines that integrate ensembling, detection, and patching achieve the strongest security performance, outperforming the best ensemble baseline by 1.78% to 4.72% and collaborative baselines by 19.81% to 26.78%. Ablation studies reveal that model scale alone does not ensure security. Smaller, structured multi model ensembles consistently outperform large monolithic LLMs. Overall, our findings demonstrate that secure code does not emerge from scale, but from carefully orchestrated multi model system design.
format Preprint
id arxiv_https___arxiv_org_abs_2603_22717
institution arXiv
publishDate 2026
record_format arxiv
spellingShingle Does Teaming-Up LLMs Improve Secure Code Generation? A Comprehensive Evaluation with Multi-LLMSecCodeEval
Sabir, Bushra
Liu, Shigang
Jang, Seung Ick
Abuadbba, Sharif
Gao, Yansong
Moore, Kristen
Kim, SangCheol
Kim, Hyoungshick
Nepal, Surya
Cryptography and Security
Software Engineering
Automatically generating source code from natural language using large language models (LLMs) is becoming common, yet security vulnerabilities persist despite advances in fine tuning and prompting. In this work, we systematically evaluate whether multi LLM ensembles and collaborative strategies can meaningfully improve secure code generation. We present MULTI-LLMSECCODEEVAL, a framework for assessing and enhancing security across the vulnerability management lifecycle by combining multiple LLMs with static analysis and structured collaboration. Using SecLLMEval and SecLLMHolmes, we benchmark ten pipelines spanning single model, ensemble, collaborative, and hybrid designs. Our results show that ensemble pipelines augmented with static analysis improve secure code generation over single LLM baselines by up to 47.3% on SecLLMEval and 19.3% on SecLLMHolmes, while purely LLM based collaborative pipelines yield smaller gains of 8.9% to 22.3%. Hybrid pipelines that integrate ensembling, detection, and patching achieve the strongest security performance, outperforming the best ensemble baseline by 1.78% to 4.72% and collaborative baselines by 19.81% to 26.78%. Ablation studies reveal that model scale alone does not ensure security. Smaller, structured multi model ensembles consistently outperform large monolithic LLMs. Overall, our findings demonstrate that secure code does not emerge from scale, but from carefully orchestrated multi model system design.
title Does Teaming-Up LLMs Improve Secure Code Generation? A Comprehensive Evaluation with Multi-LLMSecCodeEval
topic Cryptography and Security
Software Engineering
url https://arxiv.org/abs/2603.22717