SecPI: Secure Code Generation with Reasoning Models via Security Reasoning Internalization

Abstract

Reasoning language models (RLMs) are increasingly used in programming. Yet, even state-of-the-art RLMs frequently introduce critical security vulnerabilities in generated code. Prior training-based approaches for secure code generation face a critical limitation that prevents their direct application to RLMs: they rely on costly, manually curated security datasets covering only a limited set of vulnerabilities. At the inference level, generic security reminders consistently degrade functional correctness while triggering only shallow ad-hoc vulnerability analysis. To address these problems, we present SecPI, a fine-tuning pipeline that teaches RLMs to internalize structured security reasoning, producing secure code by default without any security instructions at inference time. SecPI filters existing general-purpose coding datasets for security-relevant tasks using an LLM-based classifier, generates high-quality security reasoning traces with a teacher model guided by a structured prompt that systematically enumerates relevant CWEs and mitigations, and fine-tunes the target model on pairs of inputs with no security prompt and teacher reasoning traces -- as a result, the model learns to reason about security autonomously rather than in response to explicit instructions. An extensive evaluation on security benchmarks with state-of-the-art open-weight reasoning models validates the effectiveness of our approach. For instance, SecPI improves the percentage of functionally correct and secure generations for QwQ 32B from 48.2% to 62.2% (+14.0 points) on CWEval and from 18.2% to 22.0% on BaxBench. Further investigation also reveals strong cross-CWE and cross-language generalization beyond training vulnerabilities. Even when trained only on injection-related CWEs, QwQ 32B generates correct and secure code 9.9% more frequently on held-out memory-safety CWEs.

Figures (21)

• Figure 1: Reasoning LLMs reason insufficiently about security by default when coding. When instructed for security, they do not systematically explore all potential vulnerabilities and do not apply the correct mitigations. SecPI trains the model to proactively reason about security and the CWEs systematically, leading to the generated code being secure.
• Figure 2: Main techniques of SecPI: I. SecPI curates security-relevant data with low cost by scraping existing general-purpose coding datasets for security-relevant problems. II. It then uses a CWE-based prompt to synthesize structured and systematic security reasoning and responses from a teacher model. III. Finally, it adopts supervised fine-tuning to internalize the prompt and train the student model to produce similar reasoning by default.
• Figure 3: Results of evaluating our method on CWEval and BaxBench. On both datasets SecPI leads to noticeable FuncSec and SecRatio improvements compared to standard and simple security prompts. Fine-tuning with SecPI elicits the models' security reasoning and increases security even when given only the standard prompt with no extra security instructions. PurpCode shows universally lower SecRatio and, comparing to models sharing the same base model (QwQ 32B and Qwen 32B-D), lower FuncSec. $+$ indicates the untrained models are enhanced for BaxBench.
• Figure 4: Results of evaluation on LiveCodeBench. The left panel shows that throughout the training of SecPI, Func on tasks unrelated to security stays comparatively stable. The right panel shows that prompting can degrade functional correctness even for frontier reasoning models.
• Figure 5: Results of the three trace-analysis metrics that we introduce, Security Reasoning, CWE Keyword Coverage, and GPT-assessed Quality, on the traces generated by QwQ 32B on CWEval and BaxBench. We observe a strong correlation between the security of the generated code and the quality of the security reasoning by the three metrics. Overall, SecPI leads to more consistent and accurate security reasoning.