美国安全与新兴技术中心2024AI生成代码的网络安全风险研究报告英文版41页

Issue BriefNovember 2024Cybersecurity Risks of AI-Generated CodeAuthors Jessica Ji Jenny Jun Maggie Wu Rebecca GellesCenter for Security and Emerging Technology | 1 Executive Summary Recent developments have improved the ability of large language models (LLMs) and other AI systems to generate computer code. While this is promising for the field of software development, these models can also pose direct and indirect cybersecurity risks. In this paper, we identify three broad categories of risk associated with AI code generation models: 1) models generating insecure code, 2) models themselves being vulnerable to attack and manipulation, and 3) downstream cybersecurity impacts such as feedback loops in training future AI systems. Existing research has shown that, under experimental conditions, AI code generation models frequently output insecure code. However, the process of evaluating the security of AI-generated code is highly complex and contains many interdependent variables. To fu