Can OpenAI Codex and Other Large Language Models Help Us Fix Security Bugs?

Add code
Dec 03, 2021
Hammond Pearce, Benjamin Tan, Baleegh Ahmad, Ramesh Karri, Brendan Dolan-Gavitt
Figure 1 for Can OpenAI Codex and Other Large Language Models Help Us Fix Security Bugs?
Figure 2 for Can OpenAI Codex and Other Large Language Models Help Us Fix Security Bugs?
Figure 3 for Can OpenAI Codex and Other Large Language Models Help Us Fix Security Bugs?
Figure 4 for Can OpenAI Codex and Other Large Language Models Help Us Fix Security Bugs?

Share this with someone who'll enjoy it:

Twitter IconFacebook IconLinkedin IconWhatsapp IconMessenger Icon

Human developers can produce code with cybersecurity weaknesses. Can emerging 'smart' code completion tools help repair those weaknesses? In this work, we examine the use of large language models (LLMs) for code (such as OpenAI's Codex and AI21's Jurassic J-1) for zero-shot vulnerability repair. We investigate challenges in the design of prompts that coax LLMs into generating repaired versions of insecure code. This is difficult due to the numerous ways to phrase key information -- both semantically and syntactically -- with natural languages. By performing a large scale study of four commercially available, black-box, "off-the-shelf" LLMs, as well as a locally-trained model, on a mix of synthetic, hand-crafted, and real-world security bug scenarios, our experiments show that LLMs could collectively repair 100% of our synthetically generated and hand-crafted scenarios, as well as 58% of vulnerabilities in a selection of historical bugs in real-world open-source projects.

* 16 pages, 16 figures  
View paper onarxiv icon

Share this with someone who'll enjoy it:

Twitter IconFacebook IconLinkedin IconWhatsapp IconMessenger Icon