Attacking and Defending Against AI Code Generators: Who Will Win?

Pietro Liguori 

Department of Electrical Engineering and Information Technology, University of Naples Federico II, Italy

March 27, 11-12, WWH 335

AI-generated code promises faster software development and innovative solutions. Yet, behind these advantages lies a pressing security challenge. In this talk, we reveal how AI code generators can be weaponized through subtle data poisoning attacks, prompting systems to produce code laced with hidden vulnerabilities or malicious functionality. We then examine the strengths and weaknesses of state-of-the-art vulnerability detection techniques and propose novel strategies to fill these gaps. Central to our discussion is DeVAIC, a static analysis tool purpose-built to detect and remediate security flaws in AI-generated code, surpassing existing approaches in both detection and remediation. This talk provides insights into emerging threats posed by AI-powered software creation and uncovers actionable defenses to maintain secure development practices.

Pietro Liguori is an Assistant Professor at the Department of Electrical Engineering and Information Technology (DIETI) of the University of Naples Federico II, Italy. He holds a Ph.D. in Information Technologies and Electrical Engineering and is an active member of the Dependable and Secure Software Engineering and Real-Time Systems (DESSERT) group. His research focuses on the intersection of artificial intelligence and software engineering, particularly in vulnerability detection, adversarial attacks on AI models, and the security implications of AI-generated code. Dr. Liguori has published widely on these topics in top-tier conferences and journals and serves as a reviewer, guest editor, and workshop organizer in leading venues. He also acts as Program Chair for the IEEE International Workshop on Reliable and Secure AI for Software Engineering (ReSAISE) and has guest-edited special issues in both the Journal of Systems and Software (JSS) and the Automated Software Engineering (AUSE) journal.