How Secure is Code Generated by ChatGPT?
This addresses safety concerns for developers and users relying on AI-generated code, though it is incremental as it focuses on evaluating an existing model.
The paper investigates the security of code generated by ChatGPT, finding that while the model is aware of vulnerabilities, it often produces code that is not robust to certain attacks.
In recent years, large language models have been responsible for great advances in the field of artificial intelligence (AI). ChatGPT in particular, an AI chatbot developed and recently released by OpenAI, has taken the field to the next level. The conversational model is able not only to process human-like text, but also to translate natural language into code. However, the safety of programs generated by ChatGPT should not be overlooked. In this paper, we perform an experiment to address this issue. Specifically, we ask ChatGPT to generate a number of program and evaluate the security of the resulting source code. We further investigate whether ChatGPT can be prodded to improve the security by appropriate prompts, and discuss the ethical aspects of using AI to generate code. Results suggest that ChatGPT is aware of potential vulnerabilities, but nonetheless often generates source code that are not robust to certain attacks.