A Mixture of Linear Corrections Generates Secure Code

Weichen Yu; Ravi Mangal; Terry Yue Zhuo; Matt Fredrikson; Corina S. Pasareanu

A Mixture of Linear Corrections Generates Secure Code

Weichen Yu, Ravi Mangal, Terry Yue Zhuo, Matt Fredrikson, Corina S. Pasareanu

Published: 08 Nov 2025, Last Modified: 08 Nov 2025ResponsibleFM @ NeurIPS 2025EveryoneRevisionsBibTeXCC BY 4.0

Keywords: Safe code generation, LLM, steering vector

TL;DR: A mixture of correction vectors can help generation safer and correct code.

Abstract: Large language models (LLMs) have become proficient at sophisticated code-generation tasks, yet remain ineffective at reliably detecting or avoiding code vulnerabilities. Does this deficiency stem from insufficient learning about code vulnerabilities, or is it merely a result of ineffective prompting? Using representation engineering techniques, we investigate whether LLMs internally encode the concepts necessary to identify code vulnerabilities. We find that current LLMs encode precise internal representations that distinguish vulnerable from secure code--achieving greater accuracy than standard prompting approaches. Leveraging these vulnerability-sensitive representations, we develop an inference-time steering technique that subtly modulates the model's token-generation probabilities through a mixture of corrections (MoC). Our method effectively guides LLMs to produce less vulnerable code without compromising functionality, demonstrating a practical approach to controlled vulnerability management in generated code. Notably, MoC enhances the security ratio of Qwen2.5-Coder-7B by 8.9\%, while simultaneously improving functionality on HumanEval pass@1 by 2.1\%.

Submission Number: 6

Loading