Code assistants based on Large language models (LLMs) are built on massive datasets, often sourced from untrusted GitHub repositories. Adversaries can poison these sources so that the resulting models suggest insecure code. The straightforward approach—publishing vulnerable code—is typically insufficient, though, as datasets are commonly filtered for vulnerabilities using static analysis. However, recent attacks like TrojanPuzzle circumvent these filters by reusing tokens from distinctive patterns in a victim’s context. TrojanPuzzle has a crucial limitation, though. The distinctive pattern must include at least one token that appears in the desired vulnerable suggestion (the bait). Our attacks [10] lift this restriction by implanting a learnable mapping function, specifically parameterized to transform any token into the required bait token.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Exploiting Contexts of LLM-based Code-Completion

  • Maximilian Noppel,
  • Karl Rubel,
  • Christian Wressnegger

摘要

Code assistants based on Large language models (LLMs) are built on massive datasets, often sourced from untrusted GitHub repositories. Adversaries can poison these sources so that the resulting models suggest insecure code. The straightforward approach—publishing vulnerable code—is typically insufficient, though, as datasets are commonly filtered for vulnerabilities using static analysis. However, recent attacks like TrojanPuzzle circumvent these filters by reusing tokens from distinctive patterns in a victim’s context. TrojanPuzzle has a crucial limitation, though. The distinctive pattern must include at least one token that appears in the desired vulnerable suggestion (the bait). Our attacks [10] lift this restriction by implanting a learnable mapping function, specifically parameterized to transform any token into the required bait token.