2025 GenAI Code Security Report
ASSESSING THE SECURITY OF USING LLMS FOR CODING

Contents
Introduction 03
Methodology & Context 05
Results & Analysis 10
  Overall 10
  Performance across languages 11
  Performance across CWEs 12
  Performance across model sizes 13
  Performance over time 14
Discussion 15
Conclusion 17

Generative AI is rapidly changing the way software is developed. Rather than code directly in some programming language, developers are increasingly describing the functionality they want in natural language and using large language models to generate the concrete code. Significant effort has been put into training these models for correctness, and recent assessments have found that newer, larger models are very good at generating code with the expected functionality. Less attention, however, has been paid to whether the resulting code is secure.

The primary problem is that developers need not specify security constraints to get the code they want. For example, a developer can prompt a model to generate a database query without specifying whether the code should construct the query using a prepared statement (safe) or string concatenation (unsafe). The choice, therefore, is left up to the model.

The goal of this report is to quantify the security properties of AI-generated code across a range of languages and models. The central question we explore is: in the absence of any security-specific guidance, do large language models generate secure code or not?

To evaluate this question, we developed a set of coding tasks for four popular programming languages: Java, JavaScript, C#, and Python. These tasks involve filling in the missing part of a single function according to a comment describing the desired code. The key property of the tasks is that the requested functionality can be im
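The database-query choice that the introduction uses as its motivating example, written out in Python as an added illustration (this is not code from the report or its task set): two completions of the same single-function task, one splicing the user name into the SQL text and one binding it as a parameter. The table, the sample rows and the function names are constructed for the demo.

```python
import sqlite3

# Constructed sample data for the demo; not taken from the report.
SAMPLE_USERS = [("alice", "alice@example.test"), ("O'Brien", "obrien@example.test")]


def make_db():
    """Build an in-memory SQLite database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


# Task comment a model might be given: return the e-mail address for the
# given user name, or None if no such user exists.

def lookup_email_concat(conn, name):
    """Unsafe completion (SQL injection, CWE-89): the name is spliced into the
    SQL text, so a quote in it is parsed as SQL syntax instead of as data."""
    sql = "SELECT email FROM users WHERE name = '" + name + "'"
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def lookup_email_prepared(conn, name):
    """Safe completion: the driver binds the name as a parameter, so its
    contents can never alter the structure of the statement."""
    row = conn.execute("SELECT email FROM users WHERE name = ?", (name,)).fetchone()
    return row[0] if row else None


def compare(name):
    """Run both completions on the same input and report what each produced.
    A quote in the input surfaces the concatenated query's flaw as a SQL error,
    while the prepared statement simply matches the literal value."""
    conn = make_db()
    try:
        unsafe = lookup_email_concat(conn, name)
    except sqlite3.Error as exc:
        unsafe = "error: " + type(exc).__name__
    safe = lookup_email_prepared(conn, name)
    conn.close()
    return unsafe, safe


if __name__ == "__main__":
    for user in ("alice", "O'Brien"):
        print(user, "->", compare(user))
```

Both functions satisfy the task comment for ordinary input, which is exactly why a correctness-only evaluation cannot tell them apart; only the input with an apostrophe reveals that the first one treats data as code.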