Goto

Collaborating Authors

 security guideline


RESCUE: Retrieval Augmented Secure Code Generation

arXiv.org Artificial Intelligence

Despite recent advances, Large Language Models (LLMs) still generate vulnerable code. Retrieval-Augmented Generation (RAG) has the potential to enhance LLMs for secure code generation by incorporating external security knowledge. However, the conventional RAG design struggles with the noise of raw security-related documents, and existing retrieval methods overlook the significant security semantics implicitly embedded in task descriptions. To address these issues, we propose RESCUE, a new RAG framework for secure code generation with two key innovations. First, we propose a hybrid knowledge base construction method that combines LLM-assisted cluster-then-summarize distillation with program slicing, producing both high-level security guidelines and concise, security-focused code examples. Second, we design a hierarchical multi-faceted retrieval to traverse the constructed knowledge base from top to bottom and integrates multiple security-critical facts at each hierarchical level, ensuring comprehensive and accurate retrieval. We evaluated RESCUE on four benchmarks and compared it with five state-of-the-art secure code generation methods on six LLMs. The results demonstrate that RESCUE improves the SecurePass@1 metric by an average of 4.8 points, establishing a new state-of-the-art performance for security. Furthermore, we performed in-depth analysis and ablation studies to rigorously validate the effectiveness of individual components in RESCUE.


Security Guidelines for cloud-native Chatbots

#artificialintelligence

Welcome to the era of digital transformation. In fact, this growing need for quick, easy and effective communication has resulted in – you guessed it – the rise of chatbots. For Chatbots, it need not be foretold that they are going to be the cornerstones of customer engagements over the web. To list a few, they cater to needs like prompt customer support, helping with product FAQs, making reservations of cabs, hotels, etc. All of this has a direct impact on customer satisfaction and brings in stickiness to online branding mediums.


Increasing Adoption Of AI, Autonomous Tech Shows Up Gaps In Cybersecurity Protocols

International Business Times

Futuristic technologies are being adopted at an unprecedented rate -- millions of smart speakers are being sold across the U.S., smart homes are in the making which deploy several internet-of-things devices, and self-driving vehicles are being tested across many states. But even as these technologies are coming ever closer to realization, we haven't yet assessed their usage, impact and security protocols fully. While these technologies become commonplace, the security aspect, especially, has been largely ignored both by the government and the companies backing them. That said, the government has recently begun to act on the issue, making a start with the security guidelines for smart homes. Still, the little bit they have done, like the proposed The Internet Of Things Cybersecurity law, is inadequate as these guidelines cannot be a one-time exercise; they need to be updated periodically -- at least every quarter -- after assessing the risk environment.