Recent advancements in Large Language Models (LLMs) have significantly enhanced their code generation capabilities. However, their robustness against adversarial misuse, particularly through multi-turn malicious coding prompts, remains underexplored. In this work, we introduce code decomposition attacks, where a malicious coding task is broken down into a series of seemingly benign subtasks across multiple conversational turns to evade safety filters. To facilitate systematic evaluation, we introduce \benchmarkname{}, a large-scale benchmark designed to evaluate the robustness of code LLMs against both single-turn and multi-turn malicious prompts. Empirical results across open- and closed-source models reveal persistent vulnerabilities, especially under multi-turn scenarios. Fine-tuning on MOCHA improves rejection rates while preserving coding ability, and importantly, enhances robustness on external adversarial datasets with up to 32.4% increase in rejection rates without any additional supervision.
@article{arxiv.2507.19598,
title = {MOCHA: Are Code Language Models Robust Against Multi-Turn Malicious Coding Prompts?},
author = {Muntasir Wahed and Xiaona Zhou and Kiet A. Nguyen and Tianjiao Yu and Nirav Diwan and Gang Wang and Dilek Hakkani-Tür and Ismini Lourentzou},
journal= {arXiv preprint arXiv:2507.19598},
year = {2025}
}
Comments
Winner Defender Team at Amazon Nova AI Challenge 2025