The Dark Side of Large Language Models: Uncovering and Overcoming of Code Vulnerabilities

As the use of AI in cybersecurity continues to grow, many researchers have looked to large language models (LLMs) to help identify vulnerabilities in code. However, recent studies have shown that LLMs may not be as effective as initially thought, and can even introduce new vulnerabilities into code. This talk will explore the potential risks and challenges associated with using LLMs for vulnerability detection, including the potential for introducing new vulnerabilities into code.

One example of this is the recent introduction of GitHub Copilot, an AI-powered tool that generates code based on natural language prompts. While Copilot has been hailed as a revolutionary tool for developers, it has also been found to produce code with vulnerabilities, highlighting the potential risks associated with using LLMs for vulnerability detection.

In this presentation, we will showcase instances of AI-generated vulnerabilities, despite the recent incorporation of Copilots' “AI-based real time vulnerability filtering system”. However, we will also delve into the ways in which AI prompt engineering can be tailored to address this problem and emphasize the significance of secure coding practices. We will also discuss the importance of carefully validating the output of LLMs and conducting manual code reviews to ensure that any vulnerabilities introduced by LLMs are identified and addressed.

Additionally, we will review recent research in the area of AI-based vulnerability detection. By the end of this talk, attendees will have a better understanding of the benefits and limitations of AI-based vulnerability detection as well as code generation and will be able to make informed decisions about when and how to incorporate these tools into their own security review and software development practices.