English

Codexity: Secure AI-assisted Code Generation

Software Engineering 2024-05-08 v1

Abstract

Despite the impressive performance of Large Language Models (LLMs) in software development activities, recent studies show the concern of introducing vulnerabilities into software codebase by AI programming assistants (e.g., Copilot, CodeWhisperer). In this work, we present Codexity, a security-focused code generation framework integrated with five LLMs. Codexity leverages the feedback of static analysis tools such as Infer and CppCheck to mitigate security vulnerabilities in LLM-generated programs. Our evaluation in a real-world benchmark with 751 automatically generated vulnerable subjects demonstrates Codexity can prevent 60% of the vulnerabilities being exposed to the software developer.

Keywords

Cite

@article{arxiv.2405.03927,
  title  = {Codexity: Secure AI-assisted Code Generation},
  author = {Sung Yong Kim and Zhiyu Fan and Yannic Noller and Abhik Roychoudhury},
  journal= {arXiv preprint arXiv:2405.03927},
  year   = {2024}
}
R2 v1 2026-06-28T16:18:50.641Z