GitHub Considered Harmful? Analyzing Open-Source Projects for the Automatic Generation of Cryptographic API Call Sequences

“…Finally, different authors benchmarked in-house AI models and popular models. For example, papers such as Tony et al (2022) with DeepAPI-plusSec and DeepAPI-onlySec and Pearce et al (2023) with Gpt2csrc. Figure 3 shows the LLM instances researched by two or more articles grouped by family.…”

“…In our sample, four articles (Tony et al, 2022;Jesse et al, 2023;Jha and Reddy, 2023;Wu et al, 2023) analyzed code generation AI models for Java. Each research focused on very different aspects of cyber security and they did not analyze the same vulnerabilities.…”

“…Each research focused on very different aspects of cyber security and they did not analyze the same vulnerabilities. Tony et al (2022) investigated the dangers and incorrect of API calls for cryptographic protocols. Their conclusions is that generative AI might not be at all optimized for generating cryptographically secure code (Tony et al, 2022).…”

“…Tony et al (2022) investigated the dangers and incorrect of API calls for cryptographic protocols. Their conclusions is that generative AI might not be at all optimized for generating cryptographically secure code (Tony et al, 2022). The accuracy of the code generated was significantly lower on cryptographic tasks than what the AI is advertised to have on regular code (Tony et al, 2022).…”

“…Their conclusions is that generative AI might not be at all optimized for generating cryptographically secure code (Tony et al, 2022). The accuracy of the code generated was significantly lower on cryptographic tasks than what the AI is advertised to have on regular code (Tony et al, 2022). Jesse et al (2023) experiments with generating single stupid bugs (SStuB) with different AI models.…”

A systematic literature review on the impact of AI models on the security of code generation

“…Finally, different authors benchmarked in-house AI models and popular models. For example, papers such as Tony et al (2022) with DeepAPI-plusSec and DeepAPI-onlySec and Pearce et al (2023) with Gpt2csrc. Figure 3 shows the LLM instances researched by two or more articles grouped by family.…”

“…In our sample, four articles (Tony et al, 2022;Jesse et al, 2023;Jha and Reddy, 2023;Wu et al, 2023) analyzed code generation AI models for Java. Each research focused on very different aspects of cyber security and they did not analyze the same vulnerabilities.…”

“…Each research focused on very different aspects of cyber security and they did not analyze the same vulnerabilities. Tony et al (2022) investigated the dangers and incorrect of API calls for cryptographic protocols. Their conclusions is that generative AI might not be at all optimized for generating cryptographically secure code (Tony et al, 2022).…”

“…Tony et al (2022) investigated the dangers and incorrect of API calls for cryptographic protocols. Their conclusions is that generative AI might not be at all optimized for generating cryptographically secure code (Tony et al, 2022). The accuracy of the code generated was significantly lower on cryptographic tasks than what the AI is advertised to have on regular code (Tony et al, 2022).…”

“…Their conclusions is that generative AI might not be at all optimized for generating cryptographically secure code (Tony et al, 2022). The accuracy of the code generated was significantly lower on cryptographic tasks than what the AI is advertised to have on regular code (Tony et al, 2022). Jesse et al (2023) experiments with generating single stupid bugs (SStuB) with different AI models.…”

A systematic literature review on the impact of AI models on the security of code generation

PwnPilot: Reflections on Trusting Trust in the Age of Large Language Models and AI Code Assistants

LLMSecEval: A Dataset of Natural Language Prompts for Security Evaluations