English

Benchmarking Prompt Engineering Techniques for Secure Code Generation with GPT Models

Software Engineering 2025-02-11 v1 Artificial Intelligence Cryptography and Security

Abstract

Prompt engineering reduces reasoning mistakes in Large Language Models (LLMs). However, its effectiveness in mitigating vulnerabilities in LLM-generated code remains underexplored. To address this gap, we implemented a benchmark to automatically assess the impact of various prompt engineering strategies on code security. Our benchmark leverages two peer-reviewed prompt datasets and employs static scanners to evaluate code security at scale. We tested multiple prompt engineering techniques on GPT-3.5-turbo, GPT-4o, and GPT-4o-mini. Our results show that for GPT-4o and GPT-4o-mini, a security-focused prompt prefix can reduce the occurrence of security vulnerabilities by up to 56%. Additionally, all tested models demonstrated the ability to detect and repair between 41.9% and 68.7% of vulnerabilities in previously generated code when using iterative prompting techniques. Finally, we introduce a "prompt agent" that demonstrates how the most effective techniques can be applied in real-world development workflows.

Keywords

Cite

@article{arxiv.2502.06039,
  title  = {Benchmarking Prompt Engineering Techniques for Secure Code Generation with GPT Models},
  author = {Marc Bruni and Fabio Gabrielli and Mohammad Ghafari and Martin Kropp},
  journal= {arXiv preprint arXiv:2502.06039},
  year   = {2025}
}

Comments

Accepted at the 2025 IEEE/ACM Second International Conference on AI Foundation Models and Software Engineering (Forge 2025). 10 pages, 7 figures, 5 tables

R2 v1 2026-06-28T21:37:56.682Z