Abstract:The increasing use of generative Artificial Intelligence (AI) in modern software engineering, particularly Large Language Models (LLMs) for code generation, has transformed professional software development by boosting productivity and automating development processes. This adoption, however, has highlighted a significant issue: the introduction of security vulnerabilities into the code. These vulnerabilities result, e.g., from flaws in the training data that propagate into the generated code, creating challenges in disclosing them. Traditional vulnerability handling processes often involve extensive manual review. Applying such traditional processes to AI-generated code is challenging. AI-generated code may include several vulnerabilities, possibly in slightly different forms as developers might not build on already implemented code but prompt similar tasks. In this work, we explore the current state of LLM-based approaches for vulnerability handling, focusing on approaches for vulnerability detection, localization, and repair. We provide an overview of recent progress in this area and highlight open challenges that must be addressed in order to establish a reliable and scalable vulnerability handling process of AI-generated code.

What problem does this paper attempt to address?

The problem that this paper attempts to solve is how to handle the introduced security vulnerabilities when using generative artificial intelligence (AI), especially large - language models (LLMs) for code generation in modern software engineering. Specifically, the paper focuses on the following aspects: 1. **Introduction of security vulnerabilities**: Due to flaws in the training data, the code generated by AI may contain security vulnerabilities. These vulnerabilities may appear in different forms in the generated code, increasing the difficulty of identification and repair. 2. **Limitations of traditional vulnerability handling methods**: Traditional vulnerability handling methods usually involve a large amount of manual review. This method is not efficient enough when dealing with AI - generated code because AI - generated code may have redundancy and unclear references. 3. **Evaluation of existing solutions**: The paper evaluates current methods for using LLMs for vulnerability detection, location, and repair, including improving the capabilities of LLMs through fine - tuning or prompt engineering. 4. **Open challenges**: The paper also points out the open challenges that need to be addressed in establishing a reliable and scalable vulnerability - handling process for AI - generated code, such as: - **Context provision**: For larger codebases, how to effectively provide sufficient context information to LLMs. - **Quality and diversity of data sets**: How to construct high - quality, diverse vulnerability data sets to improve the generalization ability of the model. - **Model understanding ability**: How to enhance the understanding ability of LLMs for security - related concepts and avoid generating code with known vulnerabilities. - **Continuous learning**: How to adopt a continuous - learning method so that the model can adapt to changing security practices. In summary, the main objective of the paper is to explore current methods for using LLMs to handle security vulnerabilities in AI - generated code and point out the key issues that need to be addressed in future research.

Vulnerability Handling of AI-Generated Code -- Existing Solutions and Open Challenges

How secure is AI-generated Code: A Large-Scale Comparison of Large Language Models

Vulnerabilities in AI Code Generators: Exploring Targeted Data Poisoning Attacks

Is Your AI-Generated Code Really Safe? Evaluating Large Language Models on Secure Code Generation with CodeSecEval

Understanding the Effectiveness of Large Language Models in Detecting Security Vulnerabilities

Can We Trust Large Language Models Generated Code? A Framework for In-Context Learning, Security Patterns, and Code Evaluations Across Diverse LLMs

A Formal Framework for Assessing and Mitigating Emergent Security Risks in Generative AI Models: Bridging Theory and Dynamic Risk Mitigation

Outside the Comfort Zone: Analysing LLM Capabilities in Software Vulnerability Detection

Harnessing Large Language Models for Software Vulnerability Detection: A Comprehensive Benchmarking Study

Software Vulnerability and Functionality Assessment using LLMs

Survey of Source Code Vulnerability Analysis Based on Deep Learning

Codexity: Secure AI-assisted Code Generation

Integrating Artificial Open Generative Artificial Intelligence into Software Supply Chain Security

Enhancing Large Language Models for Secure Code Generation: A Dataset-driven Study on Vulnerability Mitigation

Harnessing the Power of LLMs in Source Code Vulnerability Detection

Automated software vulnerability detection with machine learning

Enhancing Robustness of AI Offensive Code Generators via Data Augmentation

Large Language Models and Code Security: A Systematic Literature Review

How Well Do Large Language Models Serve as End-to-End Secure Code Producers?

Generative AI for Software Security Analysis: Fundamentals, Applications, and Challenges