English

Learning to Generate Secure Code via Token-Level Rewards

Cryptography and Security 2026-03-02 v1 Artificial Intelligence Software Engineering

Abstract

Large language models (LLMs) have demonstrated strong capabilities in code generation, yet they remain prone to producing security vulnerabilities. Existing approaches commonly suffer from two key limitations: the scarcity of high-quality security data and coarse-grained reinforcement learning reward signals. To address these challenges, we propose Vul2Safe, a new secure code generation framework that leverages LLM self-reflection to construct high-confidence repair pairs from real-world vulnerabilities, and further generates diverse implicit prompts to build the PrimeVul+ dataset. Meanwhile, we introduce SRCode, a novel training framework that pioneers the use of token-level rewards in reinforcement learning for code security, which enables the model to continuously attend to and reinforce critical fine-grained security patterns during training. Compared with traditional instance-level reward schemes, our approach allows for more precise optimization of local security implementations. Extensive experiments show that PrimeVul+ and SRCode substantially reduce security vulnerabilities in generated code while improving overall code quality across multiple benchmarks.

Keywords

Cite

@article{arxiv.2602.23407,
  title  = {Learning to Generate Secure Code via Token-Level Rewards},
  author = {Jiazheng Quan and Xiaodong Li and Bin Wang and Guo An and Like Liu and Degen Huang and Lin Liu and Chengbin Hou},
  journal= {arXiv preprint arXiv:2602.23407},
  year   = {2026}
}

Comments

18 pages, 3 figures

R2 v1 2026-07-01T10:54:29.953Z