On Fixing Insecure AI-Generated Code through Model Fine-Tuning and Prompting Strategies
Ali Soltanian Fard Jahromi, Amjed Tahir, Peng Liang, Foutse Khomh

TL;DR
This paper systematically evaluates fine-tuning and prompting strategies to improve the security of AI-generated code, revealing that no single approach is universally effective across models and languages.
Contribution
It provides a comprehensive analysis of security mitigation strategies for AI code generation, highlighting their variable effectiveness and unintended side effects.
Findings
Security improvements depend heavily on the chosen strategy and model.
Some methods reduce specific weaknesses but may introduce new ones.
No approach completely eliminates security weaknesses across all scenarios.
Abstract
The security of AI-generated code remains a major obstacle to its widespread adoption. Although code generation models achieve strong performance on functional benchmarks, their outputs frequently contain bugs and security weaknesses that undermine their trustworthiness. Prior work has explored a range of approaches to mitigate security issues in AI-generated code, e.g., using static analysis-guided generation and prompt engineering. However, their effectiveness varies widely across models and settings. This paper presents a systematic investigation of strategies for hardening model-generated code against a list of Common Weakness Enumeration (CWE). We assess the extent to which these strategies improve security across models and programming languages, using fine-tuning and prompting approaches for model output refinement. Beyond the prevalence of security weaknesses, we analyse the…
