Vulnerabilities in AI Code Generators: Exploring Targeted Data Poisoning Attacks

TL;DR

This paper investigates how AI code generators are vulnerable to targeted data poisoning attacks that inject malicious code into training data, leading to security vulnerabilities in generated code without affecting correctness.

Contribution

It introduces a targeted data poisoning strategy for AI code generators, demonstrating their susceptibility and analyzing factors affecting attack success.

Findings

AI code generators are vulnerable to small amounts of poisoning.

Attack success varies with model architecture and poisoning rate.

Poisoning does not affect code correctness, making detection difficult.

Abstract

AI-based code generators have become pivotal in assisting developers in writing software starting from natural language (NL). However, they are trained on large amounts of data, often collected from unsanitized online sources (e.g., GitHub, HuggingFace). As a consequence, AI models become an easy target for data poisoning, i.e., an attack that injects malicious samples into the training data to generate vulnerable code. To address this threat, this work investigates the security of AI code generators by devising a targeted data poisoning strategy. We poison the training data by injecting increasing amounts of code containing security vulnerabilities and assess the attack's success on different state-of-the-art models for code generation. Our study shows that AI code generators are vulnerable to even a small amount of poison. Notably, the attack success strongly depends on the model architecture and poisoning rate, whereas it is not influenced by the type of vulnerabilities. Moreover, since the attack does not impact the correctness of code generated by pre-trained models, it is hard to detect. Lastly, our work offers practical insights into understanding and potentially mitigating this threat.