How Secure is Code Generated by ChatGPT? | AI Security Portal

JA

JA

EN

TOP Literature Database How Secure is Code Generated by ChatGPT?

arxiv

How Secure is Code Generated by ChatGPT?

AI Security Portal bot

Information in the literature database is collected automatically.

Source

https://arxiv.org/abs/2304.09655

PDF

https://arxiv.org/pdf/2304.09655

Paper Information

Author: Raphaël Khoury;Anderson R. Avila;Jacob Brunelle;Baba Mamadou Camara
Published: 4-19-2023
Affiliation: Universite du Quebec en Outaouais
Country: Canada
Conference

Labels Estimated by AI

Security Analysis Vulnerability Prediction Program Verification

These labels were automatically added by AI and may be inaccurate.
For details, see About Literature Database.

Abstract

In recent years, large language models have been responsible for great advances in the field of artificial intelligence (AI). ChatGPT in particular, an AI chatbot developed and recently released by OpenAI, has taken the field to the next level. The conversational model is able not only to process human-like text, but also to translate natural language into code. However, the safety of programs generated by ChatGPT should not be overlooked. In this paper, we perform an experiment to address this issue. Specifically, we ask ChatGPT to generate a number of program and evaluate the security of the resulting source code. We further investigate whether ChatGPT can be prodded to improve the security by appropriate prompts, and discuss the ethical aspects of using AI to generate code. Results suggest that ChatGPT is aware of potential vulnerabilities, but nonetheless often generates source code that are not robust to certain attacks.

External Datasets

ProgramsGeneratedByChatGPT

References

Training compute-optimal large language models

J. Hoffmann, S. Borgeaud, A. Mensch, E. Buchatskaya, T. Cai, E. Rutherford, D. de Las Casas, L. A. Hendricks, J. Welbl, A. Clark, T. Hennigan, E. Noland, K. Millican, G. van den Driessche, B. Damoc, A. Guy, S. Osindero, K. Simonyan, E. Elsen, J. W. Rae, O. Vinyals, L. Sifre

Published: 2022

Minds and Machines

Gpt-3: Its nature, scope, limits, and consequences

L. Floridi, M. Chiriatti

Published: 2020

Nature

Chatgpt: five priorities for research

E. A. van Dis, J. Bollen, W. Zuidema, R. van Rooij, C. L. Bockting

Published: 2023

OpenAI Team chatgpt: Optimizing language models for dialogue

Chatgpt makes medicine easy to swallow: An exploratory case study on simplified radiology reports

K. Jeblick, B. Schachtner, J. Dexl, A. Mittermeier, A. T. Stuber, J. Topalis, T. Weber, P. Wesp, B. Sabel, J. Ricke

Published: 2022

An analysis of the automatic bug fixing performance of chatgpt

SOBANIA, D., BRIESCH, M., HANNA, C., PETKE, J.

Learning and individual differences

Chatgpt for good? on opportunities and challenges of large language models for education

Enkelejda Kasneci, Kathrin Seßler, Stefan Küchemann, Maria Bannert, Daryna Dementieva, Frank Fischer, Urs Gasser, Georg Groh, Stephan Günnemann, Eyke Hüller-meier, et al.

Published: 2023

Proceedings of the 38th international conference on software engineering

Automatically learning semantic features for defect prediction

Song Wang, Taiyue Liu, Lin Tan

Published: 2016

Advances in Neural Information Processing Systems

Program synthesis and semantic parsing with learned code idioms

E. C. Shin, M. Allamanis, M. Brockschmidt, A. Polozov

Published: 2019

code2seq: Generating sequences from structured representations of code

U. Alon, S. Brody, O. Levy, E. Yahav

Published: 2018

Proceedings of the 7th joint meeting of the European software engineering conference and the ACM SIGSOFT symposium on the foundations of software engineering

Learning from examples to improve code completion systems

M. Bruch, M. Monperrus, M. Mezini

Published: 2009

O’Reilly Media, Inc.

Secure programming cookbook for C and C++: recipes for cryptography, authentication, input validation & more

J. Viega, M. Messier

Published: 2003

Association for Computing Machinery

The impact of regular expression denial of service (redos) in practice: An empirical study at the ecosystem scale

J. C. Davis, C. A. Coghlan, F. Servant, D. Lee

Published: 2018

2017 IEEE Cybersecurity Development (SecDev)

Java deserialization vulnerabilities and mitigations

R. C. Seacord

Published: 2017

Concordia University

A qualitative study of vulnerability-fixing commits

M. Mkhallalati

Published: 2019

Secure Coding in C and C++

Published: 2013

Forbes

More than half of college students believe using chatgpt to complete assignments is cheating

M. Nietzel

Published: 2023

Journal on Telecommunications and High Technology Law

A model for when disclosure helps security: What is different about computer and network security?

P. Swire

Published: 2004

Journal of Artificial Intelligence Research

Explainable deep learning: A field guide for the uninitiated

G. Ras, N. Xie, M. Van Gerven, D. Doran

Published: 2022

Cryptology ePrint Archive

Generating secure hardware using chatgpt resistant to cwes

M. Nair, R. Sadhukhan, D. Mukhopadhyay

Published: 2023

A categorical archive of chatgpt failures

Published: 2023