Arup Datta

Arup Datta, Ahmed Aljohani, Hyunsook Do

Large language models (LLMs) are now widely used to draft and refactor code, but code that works is not necessarily secure. We evaluate secure code generation using the Instruct Prime, which eliminated compliance-required prompts and cue contamination, and evaluate five instruction-tuned code LLMs using a zero-shot baseline and a three-round reflexion prompting approach. Security is measured using the Insecure Code Detector (ICD), and results are reported by measuring Repair, Regression, and NetGain metrics, considering the programming language and CWE family. Our findings show that insecurity remains common at the first round: roughly 25-33% of programs are insecure at a zero-shot baseline (t0 ). Weak cryptography/config-dependent bugs are the hardest to avoid while templated ones like XSS, code injection, and hard-coded secrets are handled more reliably. Python yields the highest secure rates; C and C# are the lowest, with Java, JS, PHP, and C++ in the middle. Reflexion prompting improves security for all models, improving average accuracy from 70.74% at t0 to 79.43% at t3 , with the largest gains in the first round followed by diminishing returns. The trends with Repair, Regression, and NetGain metrics show that applying one to two rounds produces most of the benefits. A replication package is available at https://doi.org/10.5281/zenodo.17065846.

Sowmen Das, Selim Seferbekov, Arup Datta et al.

The creation of altered and manipulated faces has become more common due to the improvement of DeepFake generation methods. Simultaneously, we have seen detection models' development for differentiating between a manipulated and original face from image or video content. In this paper, we focus on identifying the limitations and shortcomings of existing deepfake detection frameworks. We identified some key problems surrounding deepfake detection through quantitative and qualitative analysis of existing methods and datasets. We found that deepfake datasets are highly oversampled, causing models to become easily overfitted. The datasets are created using a small set of real faces to generate multiple fake samples. When trained on these datasets, models tend to memorize the actors' faces and labels instead of learning fake features. To mitigate this problem, we propose a simple data augmentation method termed Face-Cutout. Our method dynamically cuts out regions of an image using the face landmark information. It helps the model selectively attend to only the relevant regions of the input. Our evaluation experiments show that Face-Cutout can successfully improve the data variation and alleviate the problem of overfitting. Our method achieves a reduction in LogLoss of 15.2% to 35.3% on different datasets, compared to other occlusion-based techniques. Moreover, we also propose a general-purpose data pre-processing guideline to train and evaluate existing architectures allowing us to improve the generalizability of these models for deepfake detection.