Skoči na glavni sadržaj

Tehnički glasnik, Vol. 19 No. 4, 2025.

Izvorni znanstveni članak

https://doi.org/10.31803/tg-20250225095135

Security Analysis of Automated Code Generation: Structural Vulnerabilities in AI-Generated Code

Sang Hyun Yoo orcid id orcid.org/0009-0008-9199-8238 ; Department of Computer Software, Kyungmin University, 545, Seo-ro, Uijeongbu-si, 11618 Gyeonggi-do, Republic of Korea
Hyun Jung Kim orcid id orcid.org/0000-0003-3845-0560 ; Sang-Huh College and the Graduate School of Information & Communication, Dept. of Convergence Information Technology (Artificial Intelligence Major), Konkuk University, 120 Neungdong-ro, Gwangjin-gu, 05029 Seoul, Republic of Korea *

* Dopisni autor.

Puni tekst: engleski pdf 1.252 Kb

str. 560-574

preuzimanja: 551

citiraj

Sažetak

AI-driven code generation enhances operational efficiency; however, it also introduces security vulnerabilities due to insufficient human oversight during development. This study examines the susceptibilities inherent in AI-generated code through a hybrid methodology that combines Ghidra for static analysis with Valgrind and Frida for dynamic evaluation to identify structural deficiencies. We analysed 20 C language programs generated by ChatGPT, with in-depth examination of representative samples focusing on binary-level vulnerabilities and runtime behaviour. Our findings reveal that AI-generated code contains 6.4% more vulnerabilities than human-written equivalents, with significantly higher rates in network security (+18.8%), file operations (+12.4%), and error handling (+12.4%). Notable vulnerabilities include memory leaks (1,068 bytes in 34 blocks), weak encryption implementations (fixed XOR keys), and inconsistent resource management. Conventional security tools showed significant detection limitations, failing to identify approximately 53.3% of vulnerabilities in AI-generated code—a 19.7% lower detection efficiency compared to human-written code. Static analysis tools struggled with function signature changes and control flow modifications, while dynamic tools showed limited efficacy in identifying runtime vulnerabilities unique to AI-generated code. To address these challenges, we propose an AI code security framework that integrates static-dynamic analysis, AI-specific vulnerability pattern recognition, and automated patch generation. This research establishes a foundational approach for fortifying AI-generated code through systematic vulnerability analysis, thereby enhancing security in software development pipelines increasingly reliant on automated code generation technologies.

Ključne riječi

AI-generated code; binary analysis; encryption vulnerabilities; LLM security; memory vulnerabilities; OWASP Top 10; software security; static-dynamic analysis

Hrčak ID:

335259

URI

https://hrcak.srce.hr/335259

Datum izdavanja:

15.12.2025.

Posjeta: 931 *