RealSec-bench: A Benchmark for Evaluating Secure Code Generation in Real-World Repositories (2026.findings-acl)
Copied to clipboard
| Challenge: | Existing benchmarks for large language models fail to capture complex interplay between functionality and security. |
| Approach: | They propose a benchmark for secure code generation constructed from real-world, high-risk Java repositories. |
| Outcome: | The proposed benchmarks highlight the gap between functional and secure code generation in LLMs. |
Similar Papers
A.S.E: A Repository-Level Benchmark for Evaluating Security in AI-Generated Code (2026.findings-acl)
Copied to clipboard
Keke Lian, Wang Bin, Lei Zhang, Libo Chen, Junjie Wang, Ziming Zhao, Yujiu Yang, Miaoqian Lin, Haotong Duan, Haoran Zhao, Shuang Liao, Mingda Guo, Quan Jiazheng, Yilu Zhong, Chenhao He, Chen Zichuan, Jie Wu, Haoling Li, Zhaoxuan Li, Jiongchi Yu, Hui LI, Dong Zhang
| Challenge: | Existing security evaluation benchmarks lack relevance to real-world AI programming tasks . current LLMs struggle with secure coding, research shows . |
| Approach: | They propose a repository-level evaluation benchmark to assess security of AI-generated code. |
| Outcome: | The proposed framework mirrors real-world AI programming tasks and offers valuable insights into the state of AI code generation. |
ReCode: Robustness Evaluation of Code Generation Models (2023.acl-long)
Copied to clipboard
Shiqi Wang, Zheng Li, Haifeng Qian, Chenghao Yang, Zijian Wang, Mingyue Shang, Varun Kumar, Samson Tan, Baishakhi Ray, Parminder Bhatia, Ramesh Nallapati, Murali Krishna Ramanathan, Dan Roth, Bing Xiang
| Challenge: | Existing work on robustness in text or code tasks has focused on classification, while robustness for code generation tasks is an uncharted area. |
| Approach: | They propose a robustness evaluation benchmark for code generation models that customizes over 30 transformations specifically for code on docstrings, function and variable names, code syntax, and code format. |
| Outcome: | The proposed model performs better on human annotators and on SOTA models with human annnotators. |
Benchmarking LLMs and LLM-based Agents in Practical Vulnerability Detection for Code Repositories (2025.acl-long)
Copied to clipboard
| Challenge: | Large Language Models (LLMs) have shown promise in software vulnerability detection, especially on function-level benchmarks like Devign and BigVul. |
| Approach: | They propose a JIT vulnerability detection benchmark linking each function to its vulnerability-introducing and fixing commits. |
| Outcome: | The proposed JIT vulnerability detection benchmark enables comprehensive evaluation of detection capabilities. |
SolEval: Benchmarking Large Language Models for Repository-level Solidity Smart Contract Generation (2025.emnlp-main)
Copied to clipboard
| Challenge: | Existing methods focus on Python and Java, neglecting Solidity, the programming language for Ethereum smart contracts. |
| Approach: | They construct a repository-level benchmark for Solidity to evaluate the performance of LLMs on Ethereum. |
| Outcome: | The proposed benchmarks show that the best performing LLM achieves only 26.29% Pass@10, highlighting room for improvement in Solidity code generation. |
LLMs Caught in the Crossfire: Malware Requests and Jailbreak Challenges (2025.acl-long)
Copied to clipboard
| Challenge: | Large Language Models (LLMs) have a high vulnerability to jailbreak attacks that leverage crafted prompts to generate malicious outputs. |
| Approach: | They propose to use large language models to test their security against jailbreak attacks that leverage crafted prompts to generate malicious outputs. |
| Outcome: | The proposed model is based on 320 manually crafted malicious code generation requirements, covering 11 jailbreak methods and 29 code functionality categories. |
AutoSUIT Bench - Automated Security UnIt Test Benchmark for LLM Coding (2026.findings-acl)
Copied to clipboard
Samuel Osebe, Fan Yang, Junyi Li, Yue Gu, Yongxin Wang, Satyapriya Krishna, Kai-Wei Chang, Aram Galstyan, Rahul Gupta, Weitong Ruan
| Challenge: | Large Language Models (LLMs) are evolving rapidly on code generation tasks. |
| Approach: | They propose to automate the vulnerability code benchmark creation with iterative auto validation. |
| Outcome: | The proposed benchmark covers 232 CWE categories across C/C++, Java, and Python languages. |
Can You Really Trust Code Copilot? Evaluating Large Language Models from a Code Security Perspective (2025.acl-long)
Copied to clipboard
| Challenge: | Existing code security benchmarks focus on one task and paradigm, such as code completion and generation, without comprehensive assessment across dimensions like secure code generation, vulnerability repair and discrimination. |
| Approach: | They propose a multi-task benchmark for comprehensive evaluation of LLM code security . they also propose VC-Judge, an improved judgment model that aligns closely with human experts . |
| Outcome: | The proposed model can evaluate LLM-generated programs for vulnerabilities in a more efficient and reliable way. |
PythonSaga: Redefining the Benchmark to Evaluate Code Generating LLMs (2024.findings-emnlp)
Copied to clipboard
| Challenge: | *HumanEval* and *MBPP* are two popular benchmarks for Python code generation. |
| Approach: | They propose a large-scale human evaluation of two popular Python benchmarks . they propose 185 hand-crafted prompts in a balanced representation of 38 programming concepts across diverse difficulty levels. |
| Outcome: | The proposed benchmarks show a critical bias towards a limited set of programming concepts, neglecting most of the other concepts entirely. |
DevEval: A Manually-Annotated Code Generation Benchmark Aligned with Real-World Code Repositories (2024.findings-acl)
Copied to clipboard
Jia Li, Ge Li, Yunfei Zhao, Yongmin Li, Huanyu Liu, Hao Zhu, Lecheng Wang, Kaibo Liu, Zheng Fang, Lanshen Wang, Jiazheng Ding, Xuanming Zhang, Yuqi Zhu, Yihong Dong, Zhi Jin, Binhua Li, Fei Huang, Yongbin Li, Bin Gu, Mengfei Yang
| Challenge: | Existing benchmarks are poorly aligned with real-world code repositories and are insufficient to evaluate the coding abilities of Large Language Models (LLMs). |
| Approach: | They propose a repository-level benchmark named DevEval to evaluate LLMs' coding abilities in real-world code repositories. |
| Outcome: | The proposed benchmarks show that the LLMs perform better in real-world code repositories than existing benchmarks. |
SafeRAG: Benchmarking Security in Retrieval-Augmented Generation of Large Language Model (2025.acl-long)
Copied to clipboard
Xun Liang, Simin Niu, Zhiyu Li, Sensen Zhang, Hanyu Wang, Feiyu Xiong, Zhaoxin Fan, Bo Tang, Jihao Zhao, Jiawei Yang, Shichao Song, Mengwei Wang
| Challenge: | Existing approaches to integrating external knowledge into large language models (LLMs) however, the incorporation of external knowledge increases the vulnerability of LLMs . |
| Approach: | They propose a benchmark to evaluate the RAG security using a dataset . they classify attack tasks into silver noise, inter-context conflict, soft ad, and white Denial-of-Service . |
| Outcome: | The proposed benchmark evaluates the security of RAG against 14 representative RAG components. |