LLM-CSEC: Empirical Evaluation of Security in C/C++ Code Generated by Large Language Models
By: Muhammad Usman Shahid, Chuadhry Mujeeb Ahmed, Rajiv Ranjan
Potential Business Impact:
Finds security problems in computer code made by AI.
The security of code generated by large language models (LLMs) is a significant concern, as studies indicate that such code often contains vulnerabilities and lacks essential defensive programming constructs. This work examines and evaluates the security of LLM-generated code, particularly in the context of C/C++. We categorized known vulnerabilities using the Common Weakness Enumeration (CWE) and, to study their criticality, mapped them to CVEs. We used ten different LLMs for code generation and analyzed the outputs through static analysis. The number of CWEs present in the AI-generated code is concerning. Our findings highlight the need for developers to be cautious when using LLM-generated code. This study provides insights to advance automated code generation and encourages further research in this domain.