Papers by Corina S. Pasareanu
When "Correct" Is Not Safe: Can We Trust Functionally Correct Patches Generated by Code Agents? (2026.acl-long)
Copied to clipboard
Yibo Peng, James Song, Lei Li, Xinyu Yang, Mihai Christodorescu, Ravi Mangal, Corina S. Pasareanu, Haizhong Zheng, Beidi Chen
| Challenge: | Code agents are increasingly trusted to autonomously fix bugs on platforms such as GitHub, yet their security evaluation focuses on functional correctness. |
| Approach: | They propose to attack functionally correct yet vulnerable (FCV) patches by combining multi-turn reasoning with tool invocation and environment interaction. |
| Outcome: | The proposed FCV-Attack achieves an attack success rate of 40.7% on GPT-5 Mini + OpenHands. |