中文

Poison with Style: A Practical Poisoning Attack on Code Large Language Models

密码学与安全 2026-05-28 v1 机器学习

摘要

Code Large Language Models (CLLMs) serve as the core of modern code agents, enabling developers to automate complex software development tasks. In this paper, we present Poison-with-Style (PwS), a practical and stealthy model poisoning attack targeting CLLMs. Unlike prior attacks that assume an active adversary capable of directly embedding explicit triggers (e.g., specific words) into developers' prompts during inference, PwS leverages developers' code styles as covert triggers implicitly embedded within their prompts. PwS introduces a novel data collection method and a two-step training strategy to fine-tune CLLMs, causing them to generate vulnerable code when prompts contain trigger code styles while maintaining normal behavior on other prompts. Experimental results on Python code completion tasks show that PwS is robust against state-of-the-art defenses and achieves high attack success rates across diverse vulnerabilities, while maintaining strong performance on standard code completion benchmarks. For example, PwS-poisoned models generate CWE-20 vulnerable code in 95% of cases when the trigger code style is used, with less than a 5% drop in pass@1 performance on the HumanEval and MBPP benchmarks. Our implementation and dataset are here: https://github.com/khangtran2020/pws.

关键词

引用

@article{arxiv.2605.27631,
  title  = {Poison with Style: A Practical Poisoning Attack on Code Large Language Models},
  author = {Khang Tran and Yazan Boshmaf and Issa Khalil and NhatHai Phan and Ting Yu and Md Rizwan Parvez},
  journal= {arXiv preprint arXiv:2605.27631},
  year   = {2026}
}

备注

Accepted to the Forty-Third International Conference on Machine Learning 2026 (ICML 2026)