Poisoning Programs by Un-Repairing Code: Security Concerns of AI-generated Code
Author
Abstract

AI-based code generators have gained a fundamental role in assisting developers in writing software starting from natural language (NL). However, since these large language models are trained on massive volumes of data collected from unreliable online sources (e.g., GitHub, Hugging Face), AI models become an easy target for data poisoning attacks, in which an attacker corrupts the training data by injecting a small amount of poison into it, i.e., astutely crafted malicious samples. In this position paper, we address the security of AI code generators by identifying a novel data poisoning attack that results in the generation of vulnerable code. Next, we devise an extensive evaluation of how these attacks impact state-of-the-art models for code generation. Lastly, we discuss potential solutions to overcome this threat.

Year of Publication
2023
Date Published
oct
URL
https://ieeexplore.ieee.org/document/10301284
DOI
10.1109/ISSREW60843.2023.00060
Google Scholar | BibTeX | DOI