Skip to main content
MIT AI Risk Initiative
BackModels generating code with security vulnerabilities
Home/Risks/Gipiškis2024/Models generating code with security vulnerabilities
AI-driven spear phishing attacks
Impacts of AI (Weapons)

Models generating code with security vulnerabilities

Sub-category
Risk Domain
7AI System Safety, Failures & Limitations
7.3Lack of capability or robustness

AI systems that fail to perform reliably or effectively under varying conditions, exposing them to errors and failures that can have significant consequences, especially in critical applications or areas that require moral reasoning.

"Models can generate code or coding suggestions that contain security vulner- abilities. This may occur across various LLM-based model families, including more advanced models with superior coding performance, where the tendency to produce insecure code is even more pronounced [26]."(p. 50)

EntityWho or what caused the harm

Human

Due to a decision or action made by humans

AI system

Due to a decision or action made by an AI system

Other

Due to some other reason or is ambiguous

IntentWhether the harm was intentional or accidental

Intentional

Due to an expected outcome from pursuing a goal

Unintentional

Due to an unexpected outcome from pursuing a goal

Other

Without clearly specifying the intentionality

TimingWhether the risk is pre- or post-deployment

Pre-deployment

Occurring before the AI is deployed

Post-deployment

Occurring after the AI model has been trained and deployed

Other

Without a clearly specified time of occurrence

Part of Impacts of AI (Cyberattacks)

Other risks from Gipiškis2024 (144)

Direct Harm Domains (content safety harms)

1.2 Exposure to toxic content
Not codedNot codedNot coded

Direct Harm Domains (content safety harms) > Violence and extremism

1.2 Exposure to toxic content
Not codedNot codedNot coded

Direct Harm Domains (content safety harms) > Hate and toxicity

1.2 Exposure to toxic content
Not codedNot codedNot coded

Direct Harm Domains (content safety harms) > Sexual content

1.2 Exposure to toxic content
Not codedNot codedNot coded

Direct Harm Domains (content safety harms) > Child harm

1.2 Exposure to toxic content
Not codedNot codedNot coded

Direct Harm Domains (content safety harms) > Self-harm

1.2 Exposure to toxic content
Not codedNot codedNot coded
View all 144 risks from this paper →