LLM Security Guard for Code

Arya Kavian, Mohammad Mehdi Pourhashem Kallehbasti, Sajjad Kazemi, Ehsan Firouzi, Mohammad Ghafari

TL;DR

The paper tackles insecure code generation from LLMs by augmenting prompts with static security analysis in a RESTful framework. It presents LLMSecGuard, a modular system with Prompt, Security, and Benchmark Agents that integrates tools like Semgrep, Weggli, and CyberSecEval to evaluate and improve security and to benchmark CWE coverage across LLMs. The main contributions are an extensible architecture for secure code generation, an actionable benchmarking workflow, and open-source availability to compare LLM security properties over time. This work has practical impact by enabling developers to produce more secure code and by providing a mechanism to track the evolving security performance of code-generation models.

Abstract

Many developers rely on Large Language Models (LLMs) to facilitate software development. Nevertheless, these models have exhibited limited capabilities in the security domain. We introduce LLMSecGuard, a framework to offer enhanced code security through the synergy between static code analyzers and LLMs. LLMSecGuard is open source and aims to equip developers with code solutions that are more secure than the code initially generated by LLMs. This framework also has a benchmarking feature, aimed at providing insights into the evolving security attributes of these models.

Paper Structure (10 sections, 2 figures)

This paper contains 10 sections, 2 figures.

Figures (2)

  • Figure 1: LLMSecGuard's components
  • Figure 2: LLMSecGuard's secure code generation workflow