search
HomeTechnology peripheralsAIResearchers find much of the code generated by ChatGPT is insecure, but it won't tell you

研究人员发现 ChatGPT 生成的代码大部分不安全,但它不会主动告诉你

News on April 23, the ChatGPT chatbot can generate a variety of text, including code, based on user input. However, four researchers from the University of Quebec in Canada found that the code generated by ChatGPT often has serious security problems, and it does not proactively alert users of these problems, and will only admit its mistakes when users ask.

The researchers introduced their findings in a paper. IT House reviewed the paper and found that they had ChatGPT generate 21 programs and scripts involving languages ​​such as C, C, Python and Java. These programs and scripts are designed to demonstrate specific security vulnerabilities, such as memory corruption, denial of service, deserialization, and encryption implementation vulnerabilities. The results showed that only 5 out of 21 programs generated by ChatGPT were safe on the first try. After further prompting to correct its erroneous steps, the large language model managed to generate 7 more secure applications, although this was only "safe" with respect to the specific vulnerability being evaluated, not to say that the final code didn't have anything else that could be done. Exploited vulnerabilities.

Researchers pointed out that part of ChatGPT’s problem is that it does not take into account the adversarial code execution model. It will repeatedly tell users that security issues can be avoided by "not entering invalid data," but this is not feasible in the real world. However, it appears to be aware of and admit to critical vulnerabilities in its proposed code.

Raphaël Khoury, a professor of computer science and engineering at the University of Quebec and one of the paper's co-authors, told The Register: "Obviously, it's just an algorithm. It doesn't know anything, but it can identify insecure behavior." He said that initially ChatGPT's response to the security issue was to recommend only using valid input, which was clearly unreasonable. It only provides useful guidance when later asked to improve the problem.

Researchers believe that this behavior of ChatGPT is not ideal because users knowing what questions to ask require some knowledge of specific vulnerabilities and coding techniques.

The researchers also pointed out that there are ethical inconsistencies in ChatGPT. It will deny the creation of attacking code, but will create vulnerable code. They gave an example of a Java deserialization vulnerability, "The chatbot generated vulnerable code and provided suggestions on how to make it more secure, but said it could not create a more secure version of the code."

Khoury believes that ChatGPT is a risk in its current form, but that’s not to say there aren’t sensible ways to use this unstable, underperforming AI assistant. "We've seen students using this tool, and programmers are using this tool in real life," he said. "So having a tool that generates unsafe code is very dangerous. We need to make students aware that if the code is Generated with this type of tool, then it's probably unsafe." He also said that he was surprised that when they asked ChatGPT to generate code for the same task in different languages, sometimes for one language, It will generate secure code, and for another language, it will generate vulnerable code. "Because this language model is kind of like a black box, I don't really have a good explanation or theory for this. ”

The above is the detailed content of Researchers find much of the code generated by ChatGPT is insecure, but it won't tell you. For more information, please follow other related articles on the PHP Chinese website!

Statement
This article is reproduced at:51CTO.COM. If there is any infringement, please contact admin@php.cn delete
AI For Runners And Athletes: We're Making Excellent ProgressAI For Runners And Athletes: We're Making Excellent ProgressApr 22, 2025 am 11:12 AM

There were some very insightful perspectives in this speech—background information about engineering that showed us why artificial intelligence is so good at supporting people’s physical exercise. I will outline a core idea from each contributor’s perspective to demonstrate three design aspects that are an important part of our exploration of the application of artificial intelligence in sports. Edge devices and raw personal data This idea about artificial intelligence actually contains two components—one related to where we place large language models and the other is related to the differences between our human language and the language that our vital signs “express” when measured in real time. Alexander Amini knows a lot about running and tennis, but he still

Jamie Engstrom On Technology, Talent And Transformation At CaterpillarJamie Engstrom On Technology, Talent And Transformation At CaterpillarApr 22, 2025 am 11:10 AM

Caterpillar's Chief Information Officer and Senior Vice President of IT, Jamie Engstrom, leads a global team of over 2,200 IT professionals across 28 countries. With 26 years at Caterpillar, including four and a half years in her current role, Engst

New Google Photos Update Makes Any Photo Pop With Ultra HDR QualityNew Google Photos Update Makes Any Photo Pop With Ultra HDR QualityApr 22, 2025 am 11:09 AM

Google Photos' New Ultra HDR Tool: A Quick Guide Enhance your photos with Google Photos' new Ultra HDR tool, transforming standard images into vibrant, high-dynamic-range masterpieces. Ideal for social media, this tool boosts the impact of any photo,

What are the TCL Commands in SQL? - Analytics VidhyaWhat are the TCL Commands in SQL? - Analytics VidhyaApr 22, 2025 am 11:07 AM

Introduction Transaction Control Language (TCL) commands are essential in SQL for managing changes made by Data Manipulation Language (DML) statements. These commands allow database administrators and users to control transaction processes, thereby

How to Make Custom ChatGPT? - Analytics VidhyaHow to Make Custom ChatGPT? - Analytics VidhyaApr 22, 2025 am 11:06 AM

Harness the power of ChatGPT to create personalized AI assistants! This tutorial shows you how to build your own custom GPTs in five simple steps, even without coding skills. Key Features of Custom GPTs: Create personalized AI models for specific t

Difference Between Method Overloading and OverridingDifference Between Method Overloading and OverridingApr 22, 2025 am 10:55 AM

Introduction Method overloading and overriding are core object-oriented programming (OOP) concepts crucial for writing flexible and efficient code, particularly in data-intensive fields like data science and AI. While similar in name, their mechanis

Difference Between SQL Commit and SQL RollbackDifference Between SQL Commit and SQL RollbackApr 22, 2025 am 10:49 AM

Introduction Efficient database management hinges on skillful transaction handling. Structured Query Language (SQL) provides powerful tools for this, offering commands to maintain data integrity and consistency. COMMIT and ROLLBACK are central to t

PySimpleGUI: Simplifying GUI Development in Python - Analytics VidhyaPySimpleGUI: Simplifying GUI Development in Python - Analytics VidhyaApr 22, 2025 am 10:46 AM

Python GUI Development Simplified with PySimpleGUI Developing user-friendly graphical interfaces (GUIs) in Python can be challenging. However, PySimpleGUI offers a streamlined and accessible solution. This article explores PySimpleGUI's core functio

See all articles

Hot AI Tools

Undresser.AI Undress

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress AI Tool

Undress images for free

Clothoff.io

Clothoff.io

AI clothes remover

Video Face Swap

Video Face Swap

Swap faces in any video effortlessly with our completely free AI face swap tool!

Hot Tools

SublimeText3 English version

SublimeText3 English version

Recommended: Win version, supports code prompts!

mPDF

mPDF

mPDF is a PHP library that can generate PDF files from UTF-8 encoded HTML. The original author, Ian Back, wrote mPDF to output PDF files "on the fly" from his website and handle different languages. It is slower than original scripts like HTML2FPDF and produces larger files when using Unicode fonts, but supports CSS styles etc. and has a lot of enhancements. Supports almost all languages, including RTL (Arabic and Hebrew) and CJK (Chinese, Japanese and Korean). Supports nested block-level elements (such as P, DIV),

SublimeText3 Mac version

SublimeText3 Mac version

God-level code editing software (SublimeText3)

MinGW - Minimalist GNU for Windows

MinGW - Minimalist GNU for Windows

This project is in the process of being migrated to osdn.net/projects/mingw, you can continue to follow us there. MinGW: A native Windows port of the GNU Compiler Collection (GCC), freely distributable import libraries and header files for building native Windows applications; includes extensions to the MSVC runtime to support C99 functionality. All MinGW software can run on 64-bit Windows platforms.

Atom editor mac version download

Atom editor mac version download

The most popular open source editor