This report examines the cybersecurity risks associated with artificial intelligence (AI) code generation models, which have become increasingly adept at producing computer code. It identifies three primary categories of risk: the generation of insecure code, the vulnerability of the models themselves to attacks, and the downstream cybersecurity implications of such technologies. The evaluation of code produced by five large language models (LLMs) revealed that nearly 50% of the generated snippets contained bugs that could facilitate malicious exploitation. The report emphasizes the necessity for comprehensive security measures across various stakeholders, including AI developers and organizations, to mitigate these risks. It also highlights the challenges in assessing the security of AI-generated code, advocating for an expansion of existing cybersecurity frameworks to encompass AI systems and promote secure software development practices.
- Authors: Jessica Ji, Jenny Jun, Maggie Wu, Rebecca Gelles
- Pages: 41
- Published in: United States of America
Table of Contents
- November 2024
- Cybersecurity Risks of AI-Generated Code
- Authors: Jessica Ji, Jenny Jun, Maggie Wu, Rebecca Gelles
- Executive Summary
- Table of Contents
- Introduction
- Background
- What Are Code Generation Models?
- Increasing Industry Adoption of AI Code Generation Tools
- Risks Associated with AI Code Generation
- Code Generation Models Produce Insecure Code
- Models' Vulnerability to Attack
- Downstream Impacts
- Challenges in Assessing the Security of Code Generation Models
- Is AI-Generated Code Insecure?
- Methodology
- Evaluation Results
- Severity of Generated Bugs
- Limitations
- Policy Implications and Further Research
- Conclusion
- Authors
- Acknowledgments
- Appendix A: Methodology
- Appendix B: Evaluation Results
- Endnotes