English

RefleXGen:The unexamined code is not worth using

Software Engineering 2025-10-29 v1 Artificial Intelligence Cryptography and Security

Abstract

Security in code generation remains a pivotal challenge when applying large language models (LLMs). This paper introduces RefleXGen, an innovative method that significantly enhances code security by integrating Retrieval-Augmented Generation (RAG) techniques with guided self-reflection mechanisms inherent in LLMs. Unlike traditional approaches that rely on fine-tuning LLMs or developing specialized secure code datasets - processes that can be resource-intensive - RefleXGen iteratively optimizes the code generation process through self-assessment and reflection without the need for extensive resources. Within this framework, the model continuously accumulates and refines its knowledge base, thereby progressively improving the security of the generated code. Experimental results demonstrate that RefleXGen substantially enhances code security across multiple models, achieving a 13.6% improvement with GPT-3.5 Turbo, a 6.7% improvement with GPT-4o, a 4.5% improvement with CodeQwen, and a 5.8% improvement with Gemini. Our findings highlight that improving the quality of model self-reflection constitutes an effective and practical strategy for strengthening the security of AI-generated code.

Keywords

Cite

@article{arxiv.2510.23674,
  title  = {RefleXGen:The unexamined code is not worth using},
  author = {Bin Wang and Hui Li and AoFan Liu and BoTao Yang and Ao Yang and YiLu Zhong and Weixiang Huang and Yanping Zhang and Runhuai Huang and Weimin Zeng},
  journal= {arXiv preprint arXiv:2510.23674},
  year   = {2025}
}
R2 v1 2026-07-01T07:08:14.746Z