PulseAugur
EN
LIVE 16:16:06

New framework traces malicious code completions to backdoor data

Researchers have developed CodeTracer, a new forensic framework designed to identify the specific backdoor fine-tuning data responsible for malicious code completions generated by large language models. Operating with only the fine-tuning corpus and the reported miscompletion, CodeTracer extracts a behavioral fingerprint from the compromised output. It then uses LLM-based reasoning to attribute unsafe logic to particular data samples, demonstrating high accuracy and robustness against adaptive attacks in evaluations. AI

IMPACT Enhances security for AI-powered code completion tools, potentially reducing risks of malicious code injection.

RANK_REASON The cluster contains an academic paper detailing a new framework for code completion security.

Read on arXiv cs.AI →

AI-generated summary · Google Gemini · from 2 sources. How we write summaries →

New framework traces malicious code completions to backdoor data

COVERAGE [2]

  1. arXiv cs.AI TIER_1 English(EN) · Anjun Gao, Yueyang Quan, Zhuqing Liu, Minghong Fang ·

    Beware What You Autocomplete: Forensic Attribution of Backdoored Code Completions

    arXiv:2607.08011v1 Announce Type: cross Abstract: Large language models have enabled powerful code completion systems that assist developers by predicting subsequent lines of code. However, these models remain vulnerable to backdoor attacks, where malicious fine-tuning data cover…

  2. arXiv cs.IR (Information Retrieval) TIER_1 English(EN) · Minghong Fang ·

    Beware What You Autocomplete: Forensic Attribution of Backdoored Code Completions

    Large language models have enabled powerful code completion systems that assist developers by predicting subsequent lines of code. However, these models remain vulnerable to backdoor attacks, where malicious fine-tuning data covertly implants unsafe behaviors. Despite advances in…