AI-generated Code Security


Date

2025

Publisher

National Technical University of Ukraine ‘Igor Sikorsky Kyiv Polytechnic Institute’

Abstract

The integration of Generative AI (GenAI) and Large Language Models (LLMs) into software development workflows represents a paradigm shift, driven by significant productivity gains (Asare, Nagappan, & Asokan, 2023). However, this rapid adoption obscures a critical security deficit. Empirical studies demonstrate that AI-generated code frequently introduces known security flaws: comprehensive analyses reveal that nearly half of all generated code is insecure (Sabra, Schmitt, & Tyler, 2025), and iterative refinement can counterintuitively increase the number of critical vulnerabilities. While common vulnerabilities (e.g., injection) are prevalent, the most systemic and dangerous failures lie in the logical domain of security roles and privileges. This research posits that the fundamental flaw of current models is "context blindness": an inherent inability to comprehend or model an application's specific risk model, security architecture, or implicit authorization invariants. This gap leads to the generation of code with catastrophic Broken Access Control (BAC) and Insecure Direct Object Reference (IDOR) vulnerabilities, which carry no syntactic signature for a scanner to match and therefore render traditional static analysis ineffective.
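The following is an added illustration of the abstract's point, written for this page and not taken from the paper: a handler of the kind a model typically generates (authenticated, input-validated, no injection sink, so nothing for SAST to flag) that still leaks another customer's record because the ownership invariant is never stated; the same handler with the invariant made explicit; and an authorization-invariant check that exercises every (user, object) pair against an oracle, which is how the difference becomes detectable. The invoice domain, the users, the role names and the function names are hypothetical, and the sample data is constructed inline.

```python
"""Added example (not from the paper): IDOR in a typical generated handler,
its hardened form, and a dynamic authorization-invariant check that finds
the flaw where static analysis cannot."""
from dataclasses import dataclass


class Forbidden(Exception):
    """Raised when a caller is not authorized to read an object."""


@dataclass(frozen=True)
class User:
    user_id: int
    role: str  # hypothetical roles: "customer" or "admin"


@dataclass(frozen=True)
class Invoice:
    invoice_id: int
    owner_id: int
    total: float


# Constructed sample data for a hypothetical billing application.
USERS = {1: User(1, "customer"), 2: User(2, "customer"), 9: User(9, "admin")}
INVOICES = {
    100: Invoice(100, owner_id=1, total=42.0),
    101: Invoice(101, owner_id=2, total=99.5),
}


def get_invoice_vulnerable(user: User, invoice_id: int) -> Invoice:
    """Typical generated handler: the caller is authenticated and the id is
    validated, but nothing ties the invoice to the caller. There is no
    dangerous sink here, so a SAST rule has nothing to match on."""
    if not isinstance(invoice_id, int):
        raise ValueError("invoice_id must be an integer")
    return INVOICES[invoice_id]  # KeyError would be a 404 in a real app


def get_invoice_hardened(user: User, invoice_id: int) -> Invoice:
    """Same handler with the application's authorization invariant stated
    explicitly: a customer may read only their own invoices; admins may
    read any. This is the context the model had no way to infer."""
    if not isinstance(invoice_id, int):
        raise ValueError("invoice_id must be an integer")
    invoice = INVOICES[invoice_id]
    if user.role != "admin" and invoice.owner_id != user.user_id:
        raise Forbidden(f"user {user.user_id} may not read invoice {invoice_id}")
    return invoice


def may_read(user: User, invoice: Invoice) -> bool:
    """Oracle: the invariant as the security architecture defines it,
    kept separate from the handlers so it can judge them."""
    return user.role == "admin" or invoice.owner_id == user.user_id


def idor_violations(handler) -> list[tuple[int, int]]:
    """Exercise every (user, invoice) pair through `handler` and return the
    pairs where data was returned although the oracle forbids it.
    This is the check a static scanner cannot perform: it needs the oracle."""
    violations = []
    for user in USERS.values():
        for inv in INVOICES.values():
            try:
                handler(user, inv.invoice_id)
                returned = True
            except Forbidden:
                returned = False
            if returned and not may_read(user, inv):
                violations.append((user.user_id, inv.invoice_id))
    return violations


if __name__ == "__main__":
    print("vulnerable handler leaks:", idor_violations(get_invoice_vulnerable))
    print("hardened handler leaks:  ", idor_violations(get_invoice_hardened))
```

The two handlers are nearly identical at the token level, which is why signature-based SAST treats both as clean; only the oracle, an encoding of the application's own access rules, distinguishes them. In practice the oracle is written by the team that owns the risk model, and the pairwise check runs as an integration test against the real endpoints rather than against in-memory functions.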

Keywords

Generative AI (GenAI), code security, large language models (LLMs), context-aware generation (RAG), formal verification (FV), Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Insecure Direct Object Reference (IDOR)

Bibliographic citation

Bodnar, M. AI-generated Code Security / Mykola Bodnar, Andrii Rodionov, Maryna Degtiarenko // Advances in Science and Technology : proceedings of the II International Final R&D Online Conference of the II International Student Research Paper Competition, [Kyiv], 2025, Part I / National Technical University of Ukraine “Igor Sikorsky Kyiv Polytechnic Institute”. - Kyiv, 2025. - P. 18-20.
