メインコンテンツまでスキップ

Part III—Security Gauntlet

Reflecting on risks specific to AI-generated code, we define a mandatory multi-stage bulletproof vest.

Stage 1: Baseline (SAST & SCA)

  • OWASP Top 10 pattern detection
  • Dependency CVE scan
  • Hardcoded secrets detection
  • Input data validation and sanitization
  • Application of strong encryption algorithms and key management
  • Detection of dangerous functions/patterns (SQL string concatenation, eval, etc.)
  • Proper authentication and session management
  • Detection of missing authorization/access control
  • Management of library vulnerabilities (Old versions or known vulns)

Stage 2: LLM-Specific Vulnerabilities

  • Mimicry of Insecure Patterns
  • False Confidence (Verification needed even with high confidence)
  • Prompt Injection (Review prompt as first-class artifact)
Attack VectorMitigation (Example)
Instruction OverrideFix priority interpretation in system prompt
Roleplay / DANPrevent jailbreak via output validation
Obfuscation / TypoInput normalization / Suspicious pattern detection
Template DestructionReplace with harmless template prompt
Context PoisoningSession validation before important items
Logic ManipulationMake HITL human judgment mandatory

Stage 3: Supply Chain / Model Integrity

  • Training data poisoning, algorithmic/ethical bias
  • Model Due Diligence (Transparency reports / Security evaluation)