Vulnerability Handling of AI-Generated Code -- Existing Solutions and Open Challenges
Sabrina Kaniewski, Dieter Holstein, Fabian Schmidt, Tobias Heer

TL;DR
This paper reviews current approaches and challenges in detecting, localizing, and repairing security vulnerabilities in AI-generated code, emphasizing the need for scalable solutions.
Contribution
It provides a comprehensive overview of recent LLM-based vulnerability handling methods and highlights open challenges for future research.
Findings
Recent progress in vulnerability detection, localization, and repair methods
Open challenges include scalability and reliability of vulnerability handling
Traditional manual review processes are inadequate for AI-generated code
Abstract
The increasing use of generative Artificial Intelligence (AI) in modern software engineering, particularly Large Language Models (LLMs) for code generation, has transformed professional software development by boosting productivity and automating development processes. This adoption, however, has highlighted a significant issue: the introduction of security vulnerabilities into the code. These vulnerabilities result, e.g., from flaws in the training data that propagate into the generated code, creating challenges in disclosing them. Traditional vulnerability handling processes often involve extensive manual review. Applying such traditional processes to AI-generated code is challenging. AI-generated code may include several vulnerabilities, possibly in slightly different forms, because developers might not build on already implemented code but instead prompt for similar tasks. In this work, we explore…
Taxonomy
Topics: Software Reliability and Analysis Research
