NJIT Cybersecurity Research Adds Protection to AI-Built Code

Image created with AI

Software that will harden the security of AI-developed code is being developed at New Jersey Institute of Technology, funded by a $450,000 National Science Foundation grant.

NJIT professors Zephyr Yao and Iulian Neamtiu decided they’d seen enough of the downside of programming assisted by artificial intelligence — that this increasingly common process creates too many bugs — so they’re taking action now before it is too late.

“Undeniably, more and more programmers are using AI to help them write code, and somehow this looks productive, but it carries a lot of risk. They don’t know what they’re writing, and AI-generated code may look very nice and polished, right? And it still contains security errors,” Yao explained.

“There’s an incoming wave of unscrutinized low-quality code generated by AI. We must act urgently to prevent that code from turning into widespread software disasters, or at least reduce the impact of such code,” Neamtiu added.

Citing prior studies and their own preliminary work, Yao and Neamtiu stated that 40% of programs generated by large language models are buggy, 65% of an LLM’s first attempts at code generation are simply insecure and attempting to fix these issues by adding more prompts only makes it worse.

With the planned framework, not yet named, a developer would connect their code repository such as GitHub to their preferred AI system. The AI could be a mainstream system like Claude, Codex or CoPilot. It could also be something proprietary to an organization.

Then, when acting on the developer’s prompt, the framework adds security guardrails — “Not just to write code, but also what safety rules the code has to follow. Then we check those against the generated code, look for security problems and guide AI to improve it iteratively,” Yao noted.

The researchers use both static and dynamic…

Source