English

Supporting Students in Navigating LLM-Generated Insecure Code

Cryptography and Security 2025-11-27 v1

Abstract

The advent of Artificial Intelligence (AI), particularly large language models (LLMs), has revolutionized software development by enabling developers to specify tasks in natural language and receive corresponding code, boosting productivity. However, this shift also introduces security risks, as LLMs may generate insecure code that can be exploited by adversaries. Current educational approaches emphasize efficiency while overlooking these risks, leaving students underprepared to identify and mitigate security issues in AI-assisted workflows. To address this gap, we present Bifr\"ost, an educational framework that cultivates security awareness in AI-augmented development. Bifr\"ost integrates (1) a Visual Studio Code extension simulating realistic environments, (2) adversarially configured LLMs that generate insecure code, and (3) a feedback system highlighting vulnerabilities. By immersing students in tasks with compromised LLMs and providing targeted security analysis, Bifr\"ost cultivates critical evaluation skills; classroom deployments (n=61) show vulnerability to insecure code, while a post-intervention survey (n=21) indicates increased skepticism toward LLM outputs.

Keywords

Cite

@article{arxiv.2511.20878,
  title  = {Supporting Students in Navigating LLM-Generated Insecure Code},
  author = {Jaehwan Park and Kyungchan Lim and Seonhye Park and Doowon Kim},
  journal= {arXiv preprint arXiv:2511.20878},
  year   = {2025}
}

Comments

7 pages

R2 v1 2026-07-01T07:55:13.837Z