TypePilot: Leveraging the Scala Type System for Secure LLM-generated Code
This addresses security risks in LLM-generated code for high-assurance domains, representing an incremental improvement through a type-focused agentic pipeline.
The paper tackles the problem of vulnerabilities in LLM-generated code by introducing TypePilot, a framework that uses Scala's type system to enhance security, showing that it substantially mitigates input validation and injection vulnerabilities compared to direct generation.
Large language Models (LLMs) have shown remarkable proficiency in code generation tasks across various programming languages. However, their outputs often contain subtle but critical vulnerabilities, posing significant risks when deployed in security-sensitive or mission-critical systems. This paper introduces TypePilot, an agentic AI framework designed to enhance the security and robustness of LLM-generated code by leveraging strongly typed and verifiable languages, using Scala as a representative example. We evaluate the effectiveness of our approach in two settings: formal verification with the Stainless framework and general-purpose secure code generation. Our experiments with leading open-source LLMs reveal that while direct code generation often fails to enforce safety constraints, just as naive prompting for more secure code, our type-focused agentic pipeline substantially mitigates input validation and injection vulnerabilities. The results demonstrate the potential of structured, type-guided LLM workflows to improve the SotA of the trustworthiness of automated code generation in high-assurance domains.