Poisoning Programs by Un-Repairing Code: Security Concerns of AI-generated Code

Add code
Mar 11, 2024
Cristina Improta
Figure 1 for Poisoning Programs by Un-Repairing Code: Security Concerns of AI-generated Code
Figure 2 for Poisoning Programs by Un-Repairing Code: Security Concerns of AI-generated Code

Share this with someone who'll enjoy it:

Twitter IconFacebook IconLinkedin IconWhatsapp IconMessenger Icon

AI-based code generators have gained a fundamental role in assisting developers in writing software starting from natural language (NL). However, since these large language models are trained on massive volumes of data collected from unreliable online sources (e.g., GitHub, Hugging Face), AI models become an easy target for data poisoning attacks, in which an attacker corrupts the training data by injecting a small amount of poison into it, i.e., astutely crafted malicious samples. In this position paper, we address the security of AI code generators by identifying a novel data poisoning attack that results in the generation of vulnerable code. Next, we devise an extensive evaluation of how these attacks impact state-of-the-art models for code generation. Lastly, we discuss potential solutions to overcome this threat.

* Accepted at The 1st IEEE International Workshop on Reliable and Secure AI for Software Engineering (ReSAISE), co-located with ISSRE 2023  
View paper onarxiv icon

Share this with someone who'll enjoy it:

Twitter IconFacebook IconLinkedin IconWhatsapp IconMessenger Icon