Vulnerabilities in AI Code Generators: Exploring Targeted Data Poisoning Attacks

08/04/2023
by   Domenico Cotroneo, et al.
0

In this work, we assess the security of AI code generators via data poisoning, i.e., an attack that injects malicious samples into the training data to generate vulnerable code. We poison the training data by injecting increasing amounts of code containing security vulnerabilities and assess the attack's success on different state-of-the-art models for code generation. Our analysis shows that AI code generators are vulnerable to even a small amount of data poisoning. Moreover, the attack does not impact the correctness of code generated by pre-trained models, making it hard to detect.

READ FULL TEXT

Please sign up or login with your details

Forgot password? Click here to reset