Security Degradation in Iterative AI Code Generation -- A Systematic Analysis of the Paradox
By: Shivani Shukla, Himanshu Joshi, Romilla Syed
Potential Business Impact:
Iterative use of AI coding assistants can quietly introduce hidden security vulnerabilities into software.
The rapid adoption of Large Language Models (LLMs) for code generation has transformed software development, yet little attention has been given to how security vulnerabilities evolve through iterative LLM feedback. This paper analyzes security degradation in AI-generated code through a controlled experiment with 400 code samples across 40 rounds of "improvements" using four distinct prompting strategies. Our findings show a 37.6% increase in critical vulnerabilities after just five iterations, with distinct vulnerability patterns emerging across different prompting approaches. This evidence challenges the assumption that iterative LLM refinement improves code security and highlights the essential role of human expertise in the loop. We propose practical guidelines for developers to mitigate these risks, emphasizing the need for robust human validation between LLM iterations to prevent the paradoxical introduction of new security issues during supposedly beneficial code "improvements".
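The mitigation the abstract recommends, validation between LLM iterations, can be illustrated with a short sketch. The code below is not from the paper: it assumes a hypothetical `refine_with_llm(code, instruction)` hook for the model call and uses the Bandit static analyzer as a stand-in security gate, accepting a revision only if it does not increase the count of HIGH-severity findings.

```python
import json
import os
import subprocess
import tempfile


def count_high_findings(python_code: str) -> int:
    """Count HIGH-severity findings Bandit reports for a code snippet.

    Assumes the `bandit` CLI is installed; substitute any scanner you trust.
    """
    with tempfile.NamedTemporaryFile("w", suffix=".py", delete=False) as handle:
        handle.write(python_code)
        path = handle.name
    try:
        proc = subprocess.run(
            ["bandit", "-f", "json", path],
            capture_output=True,
            text=True,
        )
        report = json.loads(proc.stdout or "{}")
    finally:
        os.unlink(path)
    return sum(
        1
        for result in report.get("results", [])
        if result.get("issue_severity") == "HIGH"
    )


def gated_refinement(code: str, refine_with_llm, max_rounds: int = 5) -> str:
    """Accept an LLM 'improvement' only if it adds no HIGH-severity findings."""
    baseline = count_high_findings(code)
    for _ in range(max_rounds):
        # `refine_with_llm` is a hypothetical hook: any callable that takes the
        # current code plus an instruction and returns the model's revision.
        candidate = refine_with_llm(code, "Improve this code.")
        candidate_findings = count_high_findings(candidate)
        if candidate_findings > baseline:
            # Stop and hand the diff to a human reviewer instead of silently
            # iterating on a version that got worse.
            break
        code, baseline = candidate, candidate_findings
    return code
```

In practice the gate could be any scanner or a human review step; the point, in line with the paper's findings, is that each "improvement" round is checked against a security baseline rather than trusted by default.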
Similar Papers
LLM-CSEC: Empirical Evaluation of Security in C/C++ Code Generated by Large Language Models
Artificial Intelligence
Empirically evaluates the security of C/C++ code generated by large language models.
The Hidden Risks of LLM-Generated Web Application Code: A Security-Centric Evaluation of Code Generation Capabilities in Large Language Models
Cryptography and Security
Evaluates security flaws in LLM-generated web application code.
Assessing the Quality and Security of AI-Generated Code: A Quantitative Analysis
Software Engineering
Quantitatively analyzes quality defects and security risks in AI-generated code.