Generative artificial intelligence (GenAI) has made remarkable progress in learning to code like a human developer. That speed comes with a cost, however: the models pick up mistakes along the way, introducing potential vulnerabilities into the code they produce.
According to Chris Wysopal, CTO and co-founder of Veracode, GenAI and large language models (LLMs) learn to code from open source code, which itself may contain flaws. Speaking at the Dark Reading News Desk during Black Hat USA 2024, Wysopal noted that because GenAI writes code at a much faster pace, more code — and more vulnerabilities — are produced in the same amount of time.
The key challenge, then, is identifying and fixing those vulnerabilities fast enough to keep pace with the rate of code generation. In his research presented at the conference, titled “From HAL to HALT: Thwarting Skynet’s Siblings in the GenAI Coding Era,” Wysopal suggested using AI to detect and fix vulnerabilities in AI-generated code, while acknowledging that this approach is still a work in progress.
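To make the problem concrete, here is a minimal, hypothetical illustration (not Veracode's tooling or Wysopal's research) of one vulnerability class that LLMs are known to reproduce from flawed open source training data — SQL injection via string concatenation — alongside the parameterized fix that automated scanners and AI-driven remediation aim to apply:

```python
import sqlite3

def find_user_insecure(conn, username):
    # Vulnerable: user input is concatenated directly into the SQL string,
    # a pattern LLMs often reproduce from insecure training examples.
    return conn.execute(
        "SELECT id FROM users WHERE name = '%s'" % username
    ).fetchall()

def find_user_secure(conn, username):
    # Fixed: a bound parameter keeps the input out of the SQL grammar.
    return conn.execute(
        "SELECT id FROM users WHERE name = ?", (username,)
    ).fetchall()

conn = sqlite3.connect(":memory:")
conn.execute("CREATE TABLE users (id INTEGER, name TEXT)")
conn.executemany("INSERT INTO users VALUES (?, ?)", [(1, "alice"), (2, "bob")])

payload = "' OR '1'='1"  # classic injection payload
print(len(find_user_insecure(conn, payload)))  # 2 — injection dumps every row
print(len(find_user_secure(conn, payload)))    # 0 — payload treated as literal text
```

The fix is mechanical once the flaw is found, which is why the hard part Wysopal describes is detection at the scale and speed of AI-generated code, not remediation itself.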
Current research indicates that among existing models, an LLM named StarCoder writes code with relatively few vulnerabilities. While not flawless, StarCoder is considered the leader in this respect. GPT-4 and GPT-3.5 have also shown proficiency in generating secure code.
Wysopal emphasized the importance of specialized LLMs that are specifically trained to produce secure code, as general-purpose LLMs may not be as effective in addressing security bugs. He mentioned that Veracode, along with other companies, is actively working on developing such specialized models to enhance the overall security of AI-generated code.
The continuing evolution and adoption of GenAI in coding presents both opportunities and challenges for the cybersecurity industry. The speed and efficiency of AI-powered coding are real benefits, but ensuring the security and integrity of the resulting code remains a critical priority. By investing in research and in specialized LLMs trained on secure coding practices, organizations can navigate the complexities of GenAI and harness its potential safely.