English

Secure Coding with AI -- From Detection to Repair

Software Engineering 2026-02-19 v2 Cryptography and Security

Abstract

While several studies have examined the security of code generated by GPT and other Large Language Models (LLMs), most have relied on controlled experiments rather than real developer interactions. This paper investigates the security of GPT-generated code extracted from the DevGPT dataset and evaluates the ability of current LLMs to detect and repair vulnerabilities in this real-world context. We analysed 2,315 C, C++, and C# code snippets using static scanners combined with manual inspection, identifying 56 vulnerabilities across 48 files. These files were then assessed using GPT-4.1, GPT-5, and Claude Opus 4.1 to determine whether these could identify the security issues and, where applicable, to specify the corresponding Common Weakness Enumeration (CWE) numbers and propose fixes. Manual review and re-scanning of the modified code showed that GPT-4.1, GPT-5, and Claude Opus 4.1 correctly detected 46, 44, and 45 vulnerabilities, and successfully repaired 42, 44, and 43 respectively. A comparison of experiments conducted in October 2024 and September 2025 indicates substantial progress, with overall detection and remediation rates improving from roughly 50 % to around 75 - 80 %. We also observe that LLM-generated code is about as likely to contain vulnerabilities as developer-written code, and that LLMs may confidently provide incorrect information, posing risks for less experienced developers.

Keywords

Cite

@article{arxiv.2504.20814,
  title  = {Secure Coding with AI -- From Detection to Repair},
  author = {Vladislav Belozerov and Peter J Barclay and Ashkan Sami},
  journal= {arXiv preprint arXiv:2504.20814},
  year   = {2026}
}
R2 v1 2026-06-28T23:15:28.466Z