Vulnerabilities in AI Code Generators: Exploring Targeted Data Poisoning Attacks
This work addresses security vulnerabilities in AI code generators, which are critical for developers, by exposing a stealthy attack method that is hard to detect, though it is incremental in exploring specific attack strategies.
The paper investigates targeted data poisoning attacks on AI code generators by injecting vulnerable code into training data, finding that even small amounts of poison can compromise models, with success rates varying by architecture and poisoning rate but not vulnerability type.
AI-based code generators have become pivotal in assisting developers in writing software starting from natural language (NL). However, they are trained on large amounts of data, often collected from unsanitized online sources (e.g., GitHub, HuggingFace). As a consequence, AI models become an easy target for data poisoning, i.e., an attack that injects malicious samples into the training data to generate vulnerable code. To address this threat, this work investigates the security of AI code generators by devising a targeted data poisoning strategy. We poison the training data by injecting increasing amounts of code containing security vulnerabilities and assess the attack's success on different state-of-the-art models for code generation. Our study shows that AI code generators are vulnerable to even a small amount of poison. Notably, the attack success strongly depends on the model architecture and poisoning rate, whereas it is not influenced by the type of vulnerabilities. Moreover, since the attack does not impact the correctness of code generated by pre-trained models, it is hard to detect. Lastly, our work offers practical insights into understanding and potentially mitigating this threat.