In this work, we investigate the security vulnerabilities in code snippets generated by Generative AI, specifically analyzing six diverse applications. The study aims to uncover potential risks and weaknesses that may need to be noticed by beginner programmers who utilize such AI-driven tools. The selected programs are examined for vulnerabilities like hardcoded credentials, insecure file uploads, code injection, and other related flaws. A comparative analysis was conducted between two well-known generative models, OpenAI’s ChatGPT and Google’s Bard. The findings reveal critical insights into the nature of common vulnerabilities and the necessity for improved security practices. Recommendations are made to enhance the generated code’s robustness and equip beginner programmers with knowledge and tools to mitigate potential risks. The research contributes new knowledge to the field of AI-generated code security and emphasizes the importance of security education and awareness among novice developers who are dependent on generative AI for code generation.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Security Weaknesses of Code Generated by Generative AI

  • Saurabh Suresh,
  • Chuadhry Mujeeb Ahmed,
  • Naveed ul Hassan,
  • Mohamed Amine Ferrag,
  • Merouane Abdelkader Debbah

摘要

In this work, we investigate the security vulnerabilities in code snippets generated by Generative AI, specifically analyzing six diverse applications. The study aims to uncover potential risks and weaknesses that may need to be noticed by beginner programmers who utilize such AI-driven tools. The selected programs are examined for vulnerabilities like hardcoded credentials, insecure file uploads, code injection, and other related flaws. A comparative analysis was conducted between two well-known generative models, OpenAI’s ChatGPT and Google’s Bard. The findings reveal critical insights into the nature of common vulnerabilities and the necessity for improved security practices. Recommendations are made to enhance the generated code’s robustness and equip beginner programmers with knowledge and tools to mitigate potential risks. The research contributes new knowledge to the field of AI-generated code security and emphasizes the importance of security education and awareness among novice developers who are dependent on generative AI for code generation.