LLMs Cannot Reliably Identify and Reason About Security Vulnerabilities (Yet?): A Comprehensive Evaluation, Framework, and Benchmarks

TL;DR

This paper evaluates whether large language models can reliably identify and reason about security vulnerabilities, revealing significant non-robustness and inconsistency in their responses across various scenarios.

Contribution

The paper introduces SecLLMHolmes, a comprehensive evaluation framework and benchmark for assessing LLMs' ability to handle security-related code analysis tasks.

Findings

LLMs show non-deterministic responses and incorrect reasoning.

Models like PaLM2 and GPT-4 are sensitive to code modifications.

LLMs perform poorly in real-world security scenarios.

Abstract

Large Language Models (LLMs) have been suggested for use in automated vulnerability repair, but benchmarks showing they can consistently identify security-related bugs are lacking. We thus develop SecLLMHolmes, a fully automated evaluation framework that performs the most detailed investigation to date on whether LLMs can reliably identify and reason about security-related bugs. We construct a set of 228 code scenarios and analyze eight of the most capable LLMs across eight different investigative dimensions using our framework. Our evaluation shows LLMs provide non-deterministic responses, incorrect and unfaithful reasoning, and perform poorly in real-world scenarios. Most importantly, our findings reveal significant non-robustness in even the most advanced models like `PaLM2' and `GPT-4': by merely changing function or variable names, or by the addition of library functions in the source code, these models can yield incorrect answers in 26% and 17% of cases, respectively. These findings demonstrate that further LLM advances are needed before LLMs can be used as general purpose security assistants.