# code-gen
22 articles tagged “code-gen”

- **Techniques for evading AI code review**: Techniques for crafting code changes that evade AI-powered security review tools while introducing vulnerabilities or backdoors.
- **AI-generated dependency confusion**: Exploiting the tendency of LLMs to hallucinate package names for dependency confusion attacks, where an attacker publishes a package under a name the model is likely to suggest.
- **Attacks on AI pair programming**: Attack vectors specific to AI pair programming workflows, including suggestion manipulation, context injection, and trust exploitation.
- **Risks of code generation in CI/CD (code generation security)**: Security risks of AI-generated code in CI/CD pipelines, including automated merge attacks, test generation manipulation, and pipeline injection.
- **Sandbox escape from code agents**: Techniques for escaping the sandboxed code execution environments used by AI code agents.
- **Techniques for abusing coding assistants**: Techniques for exploiting AI code assistants to generate insecure code or leak repository information.
- **Data exfiltration via code completion**: Using code completion interfaces to exfiltrate sensitive data from development environments, including secrets, API keys, and proprietary code.
- **Manipulation of AI code review**: Manipulating AI code review systems to approve vulnerable code or miss security issues.
- **Attack vectors in code translation**: Exploiting AI code translation to introduce vulnerabilities during language migration.
- **Codebase context poisoning**: Poisoning repository files that AI coding assistants use for context in order to influence code suggestions across the entire development team.
- **Injection attacks via commit messages**: Using crafted commit messages to inject adversarial instructions into AI code review tools that process git history for context.
- **Injection attacks on Copilot**: Prompt injection through repository context that influences code generation suggestions.
- **Attacks via dependency suggestions**: Manipulating AI coding assistants to suggest malicious dependencies, typosquatted packages, or vulnerable library versions.
- **Security of autonomous coding agents**: Security analysis of autonomous coding agents such as Devin, including scope creep and unintended actions.
- **Documentation-based code injection**: Embedding adversarial instructions in code comments, docstrings, and documentation files that influence AI code generation.
- **Injection attacks via IDE plugins**: Exploiting IDE-integrated AI coding assistants through workspace context poisoning, configuration manipulation, and extension-based injection vectors.
- **Patterns of insecure code generation**: Common patterns of insecure code generated by LLMs, including injection, authentication, and cryptographic flaws.
- **Attacks via multi-file context**: Exploiting how AI coding assistants process multi-file context to build distributed injection payloads spread across repository files.
- **AI manipulation in PR review**: Techniques for manipulating AI-powered code review tools to approve malicious changes or miss security vulnerabilities.
- **Repository context poisoning**: Poisoning repository context (README, comments, issues) to influence code generation behavior.
- **Test generation abuse**: Manipulating AI test generation to produce tests that pass but miss critical vulnerabilities.
- **Advanced test generation manipulation**: Advanced techniques for manipulating AI-generated tests to create false assurance: tests that pass but do not verify security properties.