{"id":"https://openalex.org/W4415746333","doi":"https://doi.org/10.1109/icsme64153.2025.00086","title":"Explicit Vulnerability Generation with LLMs: An Investigation Beyond Adversarial Attacks","display_name":"Explicit Vulnerability Generation with LLMs: An Investigation Beyond Adversarial Attacks","publication_year":2025,"publication_date":"2025-09-07","ids":{"openalex":"https://openalex.org/W4415746333","doi":"https://doi.org/10.1109/icsme64153.2025.00086"},"language":null,"primary_location":{"id":"doi:10.1109/icsme64153.2025.00086","is_oa":false,"landing_page_url":"https://doi.org/10.1109/icsme64153.2025.00086","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 IEEE International Conference on Software Maintenance and Evolution (ICSME)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5120207607","display_name":"Ahmet Emir Bosnak","orcid":null},"institutions":[{"id":"https://openalex.org/I168864056","display_name":"Bilkent University","ror":"https://ror.org/02vh8a032","country_code":"TR","type":"education","lineage":["https://openalex.org/I168864056"]}],"countries":["TR"],"is_corresponding":true,"raw_author_name":"Ahmet Emir Bosnak","raw_affiliation_strings":["Bilkent University,Turkey"],"affiliations":[{"raw_affiliation_string":"Bilkent University,Turkey","institution_ids":["https://openalex.org/I168864056"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5119702575","display_name":"Sahand Moslemi","orcid":null},"institutions":[{"id":"https://openalex.org/I168864056","display_name":"Bilkent University","ror":"https://ror.org/02vh8a032","country_code":"TR","type":"education","lineage":["https://openalex.org/I168864056"]}],"countries":["TR"],"is_corresponding":false,"raw_author_name":"Sahand Moslemi","raw_affiliation_strings":["Bilkent University,Turkey"],"affiliations":[{"raw_affiliation_string":"Bilkent University,Turkey","institution_ids":["https://openalex.org/I168864056"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5119702576","display_name":"Mayasah Lami","orcid":null},"institutions":[{"id":"https://openalex.org/I168864056","display_name":"Bilkent University","ror":"https://ror.org/02vh8a032","country_code":"TR","type":"education","lineage":["https://openalex.org/I168864056"]}],"countries":["TR"],"is_corresponding":false,"raw_author_name":"Mayasah Lami","raw_affiliation_strings":["Bilkent University,Turkey"],"affiliations":[{"raw_affiliation_string":"Bilkent University,Turkey","institution_ids":["https://openalex.org/I168864056"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5119702577","display_name":"Anil Koyuncu","orcid":null},"institutions":[{"id":"https://openalex.org/I168864056","display_name":"Bilkent University","ror":"https://ror.org/02vh8a032","country_code":"TR","type":"education","lineage":["https://openalex.org/I168864056"]}],"countries":["TR"],"is_corresponding":false,"raw_author_name":"Anil Koyuncu","raw_affiliation_strings":["Bilkent University,Turkey"],"affiliations":[{"raw_affiliation_string":"Bilkent University,Turkey","institution_ids":["https://openalex.org/I168864056"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5120207607"],"corresponding_institution_ids":["https://openalex.org/I168864056"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.47033188,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"821","last_page":"826"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.15940000116825104,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.15940000116825104,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10028","display_name":"Topic Modeling","score":0.1379999965429306,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11636","display_name":"Artificial Intelligence in Healthcare and Education","score":0.07760000228881836,"subfield":{"id":"https://openalex.org/subfields/2718","display_name":"Health Informatics"},"field":{"id":"https://openalex.org/fields/27","display_name":"Medicine"},"domain":{"id":"https://openalex.org/domains/4","display_name":"Health Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/correctness","display_name":"Correctness","score":0.7138000130653381},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.6773999929428101},{"id":"https://openalex.org/keywords/adversarial-system","display_name":"Adversarial system","score":0.6485000252723694},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.5809999704360962},{"id":"https://openalex.org/keywords/unintended-consequences","display_name":"Unintended consequences","score":0.5234000086784363},{"id":"https://openalex.org/keywords/recall","display_name":"Recall","score":0.4627000093460083},{"id":"https://openalex.org/keywords/matching","display_name":"Matching (statistics)","score":0.4291999936103821},{"id":"https://openalex.org/keywords/language-model","display_name":"Language model","score":0.38510000705718994}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7257999777793884},{"id":"https://openalex.org/C55439883","wikidata":"https://www.wikidata.org/wiki/Q360812","display_name":"Correctness","level":2,"score":0.7138000130653381},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.6773999929428101},{"id":"https://openalex.org/C37736160","wikidata":"https://www.wikidata.org/wiki/Q1801315","display_name":"Adversarial system","level":2,"score":0.6485000252723694},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.5809999704360962},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5777000188827515},{"id":"https://openalex.org/C2776889888","wikidata":"https://www.wikidata.org/wiki/Q1135789","display_name":"Unintended consequences","level":2,"score":0.5234000086784363},{"id":"https://openalex.org/C100660578","wikidata":"https://www.wikidata.org/wiki/Q18733","display_name":"Recall","level":2,"score":0.4627000093460083},{"id":"https://openalex.org/C165064840","wikidata":"https://www.wikidata.org/wiki/Q1321061","display_name":"Matching (statistics)","level":2,"score":0.4291999936103821},{"id":"https://openalex.org/C137293760","wikidata":"https://www.wikidata.org/wiki/Q3621696","display_name":"Language model","level":2,"score":0.38510000705718994},{"id":"https://openalex.org/C97686452","wikidata":"https://www.wikidata.org/wiki/Q7604153","display_name":"Static analysis","level":2,"score":0.3626999855041504},{"id":"https://openalex.org/C2779585090","wikidata":"https://www.wikidata.org/wiki/Q3457762","display_name":"Resilience (materials science)","level":2,"score":0.3582000136375427},{"id":"https://openalex.org/C31170391","wikidata":"https://www.wikidata.org/wiki/Q188619","display_name":"Hierarchy","level":2,"score":0.33550000190734863},{"id":"https://openalex.org/C134400042","wikidata":"https://www.wikidata.org/wiki/Q2372244","display_name":"Symbol (formal)","level":2,"score":0.32659998536109924},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.3246000111103058},{"id":"https://openalex.org/C2779137570","wikidata":"https://www.wikidata.org/wiki/Q16243196","display_name":"EXPOSE","level":2,"score":0.3149999976158142},{"id":"https://openalex.org/C2777363581","wikidata":"https://www.wikidata.org/wiki/Q15098235","display_name":"Harm","level":2,"score":0.31459999084472656},{"id":"https://openalex.org/C108827166","wikidata":"https://www.wikidata.org/wiki/Q175975","display_name":"Internet privacy","level":1,"score":0.30059999227523804},{"id":"https://openalex.org/C43126263","wikidata":"https://www.wikidata.org/wiki/Q128751","display_name":"Source code","level":2,"score":0.28760001063346863},{"id":"https://openalex.org/C81669768","wikidata":"https://www.wikidata.org/wiki/Q2359161","display_name":"Precision and recall","level":2,"score":0.28439998626708984},{"id":"https://openalex.org/C15744967","wikidata":"https://www.wikidata.org/wiki/Q9418","display_name":"Psychology","level":0,"score":0.2833999991416931},{"id":"https://openalex.org/C184337299","wikidata":"https://www.wikidata.org/wiki/Q1437428","display_name":"Semantics (computer science)","level":2,"score":0.27219998836517334},{"id":"https://openalex.org/C2779662365","wikidata":"https://www.wikidata.org/wiki/Q5416694","display_name":"Event (particle physics)","level":2,"score":0.2689000070095062},{"id":"https://openalex.org/C204321447","wikidata":"https://www.wikidata.org/wiki/Q30642","display_name":"Natural language processing","level":1,"score":0.26840001344680786},{"id":"https://openalex.org/C77805123","wikidata":"https://www.wikidata.org/wiki/Q161272","display_name":"Social psychology","level":1,"score":0.2533000111579895},{"id":"https://openalex.org/C12186640","wikidata":"https://www.wikidata.org/wiki/Q6815743","display_name":"Memory model","level":3,"score":0.2526000142097473}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/icsme64153.2025.00086","is_oa":false,"landing_page_url":"https://doi.org/10.1109/icsme64153.2025.00086","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 IEEE International Conference on Software Maintenance and Evolution (ICSME)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":12,"referenced_works":["https://openalex.org/W4382317573","https://openalex.org/W4384345705","https://openalex.org/W4388858772","https://openalex.org/W4392414327","https://openalex.org/W4394746043","https://openalex.org/W4402665833","https://openalex.org/W4403536336","https://openalex.org/W4403536889","https://openalex.org/W4405543707","https://openalex.org/W4409510011","https://openalex.org/W4411450156","https://openalex.org/W7093293284"],"related_works":[],"abstract_inverted_index":{"Large":[0],"Language":[1],"Models":[2],"(LLMs)":[3],"are":[4],"increasingly":[5],"used":[6],"as":[7,216],"code":[8,19,42,78,185],"assistants,":[9],"yet":[10],"their":[11,209],"behavior":[12],"when":[13,43],"explicitly":[14],"asked":[15],"to":[16,92],"generate":[17,109],"insecure":[18],"remains":[20],"poorly":[21],"understood.":[22],"While":[23],"prior":[24],"research":[25],"has":[26],"focused":[27],"on":[28,173,198],"unintended":[29],"vulnerabilities,":[30,112],"this":[31],"study":[32],"examines":[33],"a":[34,47,181,189],"more":[35],"direct":[36,166],"threat:":[37],"open-source":[38,83],"LLMs":[39],"generating":[40],"vulnerable":[41,77],"prompted.":[44],"We":[45,80,145],"propose":[46],"dual":[48],"experimental":[49],"design:":[50],"(1)":[51],"Dynamic":[52,127],"Prompting,":[53,70],"which":[54,71],"systematically":[55],"varies":[56],"vulnerability":[57],"type,":[58],"user":[59],"persona,":[60],"and":[61,67,97,161],"prompt":[62],"phrasing":[63,169],"across":[64,142],"structured":[65],"templates;":[66],"(2)":[68],"Reverse":[69],"derives":[72],"natural-language":[73],"prompts":[74],"from":[75],"real":[76],"samples.":[79],"evaluate":[81],"three":[82],"7B-parameter":[84],"models":[85,107],"(Qwen2,":[86],"Mistral,":[87],"Gemma)":[88],"using":[89],"static":[90],"analysis":[91],"assess":[93],"both":[94],"the":[95,110,120,138,163,174],"presence":[96],"correctness":[98,122],"of":[99,165],"generated":[100],"vulnerabilities.":[101],"Our":[102,192],"results":[103],"show":[104],"that":[105,147,162],"all":[106,143],"frequently":[108],"requested":[111],"though":[113],"with":[114,184],"significant":[115,205],"performance":[116,141],"differences.":[117],"Gemma":[118],"achieves":[119],"highest":[121],"for":[123,132,213],"memory":[124],"vulnerabilities":[125],"under":[126],"Prompting":[128],"(e.g.,":[129,150],"98.6":[130],"%":[131],"buffer":[133],"overflows),":[134],"while":[135],"Qwen2":[136],"demonstrates":[137],"most":[139],"balanced":[140],"tasks.":[144,219],"find":[146],"professional":[148,218],"personas":[149],"\u201cDevOps":[151],"Engineer\u201d)":[152],"consistently":[153],"elicit":[154],"higher":[155],"success":[156],"rates":[157],"than":[158],"student":[159],"personas,":[160],"effectiveness":[164],"versus":[167],"indirect":[168],"is":[170],"inverted":[171],"depending":[172],"prompting":[175],"strategy.":[176],"Vulnerability":[177],"reproduction":[178],"accuracy":[179],"follows":[180],"non-linear":[182],"pattern":[183,199],"complexity,":[186],"peaking":[187],"in":[188,208],"moderate":[190],"range.":[191],"findings":[193],"expose":[194],"how":[195],"LLMs'":[196],"reliance":[197],"recall":[200],"over":[201],"semantic":[202],"reasoning":[203],"creates":[204],"blind":[206],"spots":[207],"safety":[210],"alignments,":[211],"particularly":[212],"requests":[214],"framed":[215],"plausible":[217]},"counts_by_year":[],"updated_date":"2026-03-07T16:01:11.037858","created_date":"2025-10-31T00:00:00"}