{"id":"https://openalex.org/W4413640084","doi":"https://doi.org/10.1109/csr64739.2025.11130176","title":"Security Vulnerabilities in AI-Generated JavaScript: A Comparative Study of Large Language Models","display_name":"Security Vulnerabilities in AI-Generated JavaScript: A Comparative Study of Large Language Models","publication_year":2025,"publication_date":"2025-08-04","ids":{"openalex":"https://openalex.org/W4413640084","doi":"https://doi.org/10.1109/csr64739.2025.11130176"},"language":"en","primary_location":{"id":"doi:10.1109/csr64739.2025.11130176","is_oa":false,"landing_page_url":"https://doi.org/10.1109/csr64739.2025.11130176","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 IEEE International Conference on Cyber Security and Resilience (CSR)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5119433242","display_name":"Deniz Ayd\u0131n","orcid":null},"institutions":[{"id":"https://openalex.org/I48912391","display_name":"Istanbul Technical University","ror":"https://ror.org/059636586","country_code":"TR","type":"education","lineage":["https://openalex.org/I48912391"]}],"countries":["TR"],"is_corresponding":true,"raw_author_name":"Deniz Ayd\u0131n","raw_affiliation_strings":["Istanbul Technical University, Maslak,Cyber Security and Privacy Research Lab, SPFLab,Istanbul,T&#x00FC;rkiye,34469"],"affiliations":[{"raw_affiliation_string":"Istanbul Technical University, Maslak,Cyber Security and Privacy Research Lab, SPFLab,Istanbul,T&#x00FC;rkiye,34469","institution_ids":["https://openalex.org/I48912391"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5040808125","display_name":"\u015eerif Baht\u0131yar","orcid":"https://orcid.org/0000-0003-0314-2621"},"institutions":[{"id":"https://openalex.org/I48912391","display_name":"Istanbul Technical University","ror":"https://ror.org/059636586","country_code":"TR","type":"education","lineage":["https://openalex.org/I48912391"]}],"countries":["TR"],"is_corresponding":false,"raw_author_name":"\u015eerif Bahtiyar","raw_affiliation_strings":["Istanbul Technical University, Maslak,Cyber Security and Privacy Research Lab, SPFLab,Istanbul,T&#x00FC;rkiye,34469"],"affiliations":[{"raw_affiliation_string":"Istanbul Technical University, Maslak,Cyber Security and Privacy Research Lab, SPFLab,Istanbul,T&#x00FC;rkiye,34469","institution_ids":["https://openalex.org/I48912391"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5119433242"],"corresponding_institution_ids":["https://openalex.org/I48912391"],"apc_list":null,"apc_paid":null,"fwci":0.6204,"has_fulltext":false,"cited_by_count":1,"citation_normalized_percentile":{"value":0.76820626,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":96,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"200","last_page":"205"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11636","display_name":"Artificial Intelligence in Healthcare and Education","score":0.8138999938964844,"subfield":{"id":"https://openalex.org/subfields/2718","display_name":"Health Informatics"},"field":{"id":"https://openalex.org/fields/27","display_name":"Medicine"},"domain":{"id":"https://openalex.org/domains/4","display_name":"Health Sciences"}},"topics":[{"id":"https://openalex.org/T11636","display_name":"Artificial Intelligence in Healthcare and Education","score":0.8138999938964844,"subfield":{"id":"https://openalex.org/subfields/2718","display_name":"Health Informatics"},"field":{"id":"https://openalex.org/fields/27","display_name":"Medicine"},"domain":{"id":"https://openalex.org/domains/4","display_name":"Health Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.7335000038146973,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.7260000109672546,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8242365717887878},{"id":"https://openalex.org/keywords/javascript","display_name":"JavaScript","score":0.7997181415557861},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.5948259830474854},{"id":"https://openalex.org/keywords/secure-coding","display_name":"Secure coding","score":0.4348083734512329},{"id":"https://openalex.org/keywords/natural-language-processing","display_name":"Natural language processing","score":0.3688209652900696},{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.26401299238204956},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.25800544023513794},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.19316312670707703}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8242365717887878},{"id":"https://openalex.org/C544833334","wikidata":"https://www.wikidata.org/wiki/Q2005","display_name":"JavaScript","level":2,"score":0.7997181415557861},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.5948259830474854},{"id":"https://openalex.org/C22680326","wikidata":"https://www.wikidata.org/wiki/Q7444867","display_name":"Secure coding","level":5,"score":0.4348083734512329},{"id":"https://openalex.org/C204321447","wikidata":"https://www.wikidata.org/wiki/Q30642","display_name":"Natural language processing","level":1,"score":0.3688209652900696},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.26401299238204956},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.25800544023513794},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.19316312670707703},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/csr64739.2025.11130176","is_oa":false,"landing_page_url":"https://doi.org/10.1109/csr64739.2025.11130176","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 IEEE International Conference on Cyber Security and Resilience (CSR)","raw_type":"proceedings-article"},{"id":"pmh:oai:polen.itu.edu.tr:11527/66787","is_oa":false,"landing_page_url":"https://hdl.handle.net/11527/66787","pdf_url":null,"source":{"id":"https://openalex.org/S4306400460","display_name":"Istanbul Technical University Academic Open Archive (Istanbul Technical University)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I48912391","host_organization_name":"Istanbul Technical University","host_organization_lineage":["https://openalex.org/I48912391"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Article"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/10","display_name":"Reduced inequalities","score":0.46000000834465027}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":["https://openalex.org/W4391375266","https://openalex.org/W2899084033","https://openalex.org/W2748952813","https://openalex.org/W2461078469","https://openalex.org/W123790205","https://openalex.org/W2085515337","https://openalex.org/W4393108609","https://openalex.org/W4281398044","https://openalex.org/W2068531859","https://openalex.org/W2408546415"],"abstract_inverted_index":{"Large":[0,46],"Language":[1],"Models":[2],"(LLMs)":[3],"have":[4],"been":[5],"widely":[6],"used":[7],"in":[8,26,69,83,170],"software":[9],"development,":[10],"yet":[11],"the":[12,74,92,160,167],"security":[13,24,58,163,168],"of":[14,91,134,142,151],"AI-generated":[15,70],"code":[16,28,71,96],"remains":[17],"a":[18,53,131],"critical":[19],"concern.":[20],"This":[21],"research":[22,158],"examines":[23],"vulnerabilities":[25,68,106,114],"JavaScript":[27,95],"generated":[29,94,116],"by":[30],"six":[31],"LLMs,":[32],"which":[33],"are":[34],"ChatGPT-4o,":[35],"Claude":[36],"v3.5":[37],"Sonnet,":[38],"DeepSeek":[39],"R1":[40],"70B,":[41],"Llama":[42],"3.1":[43],"405B,":[44],"Mistral":[45],"2,":[47],"and":[48,72,120,145],"Nova":[49],"Pro.":[50],"We":[51,100,125],"propose":[52],"new":[54],"approach":[55],"to":[56,129,165],"assess":[57],"vulnerabilities.":[59,99],"Using":[60],"100":[61],"identical":[62],"complex":[63],"prompts,":[64],"we":[65],"systematically":[66],"assessed":[67],"analyzed":[73],"most":[75],"frequently":[76],"occurring":[77],"Common":[78],"Weakness":[79],"Enumeration":[80],"(CWE)":[81],"categories":[82],"different":[84],"LLMs.":[85],"Our":[86,157],"results":[87],"show":[88],"that":[89],"275":[90],"600":[93],"snippets":[97],"contain":[98],"also":[101,126],"identify":[102],"$\\mathbf{6":[103],"0":[104],"2}$":[105],"from":[107],"28":[108],"CWEs.":[109],"While":[110],"all":[111],"LLMs":[112],"introduce":[113,127],"into":[115],"code,":[117],"their":[118],"CWE":[119],"severity":[121],"distribution":[122],"vary":[123],"significantly.":[124],"metrics":[128],"ensure":[130],"fair":[132],"comparison":[133],"LLM":[135],"capabilities,":[136],"such":[137],"as":[138,154],"Vulnerabilities":[139],"per":[140,149],"Line":[141,150],"Code":[143,152],"(V/LoC)":[144],"Weighted":[146],"Security":[147],"Risk":[148],"(WSR/LoC)":[153],"evaluation":[155],"metrics.":[156],"highlights":[159],"need":[161],"for":[162],"measures":[164],"mitigate":[166],"risks":[169],"AIgenerated":[171],"code.":[172]},"counts_by_year":[{"year":2026,"cited_by_count":1}],"updated_date":"2026-04-09T08:11:56.329763","created_date":"2025-10-10T00:00:00"}