Track 5: Secure LLMs for Code

The growing adoption of LLMs for code-related tasks presents a critical duality: while they offer powerful capabilities to enhance software security, they also introduce novel vulnerabilities and risks that can undermine trustworthy software. We investigate how LLMs can be used for software security purposes, such as improving the accuracy of binary decompilation, increasing the auditability of binary programs, and supporting security analysis.
Safety alignment of LLMs against malicious use in the software engineering domain often fails. Certain models, especially those fine-tuned with an exclusive focus on helpfulness and truthfulness, are more likely to comply with malicious user requests. Beyond direct misuse, integrating LLMs into software development introduces additional risks. We observe that LLMs4Code memorize and regurgitate portions of their training data. This behavior makes them susceptible to data extraction attacks and could inadvertently expose users to license violations or intellectual property conflicts.

Track Leaders TU Delft

Arie van Deursen

Scientific Director, Track Lead

Maliheh Izadi

Track Lead

Track Leaders Meta

Satish Chandra

Track Lead

PhD Candidate

Ali Al-Kaswan

NLP for Software Engineering, Cyber Security