Go to ICLR 2026 Conference homepageCross-Model Deception: Transferable Adversarial Attack for Code Search
Keywords: Adversarial Attack, Code Search, Code Embedding Models, Robustness, Attack Transfer
Abstract: Reliable code retrieval is crucial for developer productivity and effective code reuse, significantly impacting software engineering teams and organizations. However, the current neural code language models (CLMs) powering search tools are susceptible to adversarial attacks targeting non-functional textual elements. We introduce a language-agnostic transferable adversarial attack method that exploits this vulnerability of CLMs. Our approach perturbs identifiers within a code snippet without altering its functionality to deceptively align the code with a target query. In particular, we demonstrate that modifications based on smaller models, such as CodeT5+, are highly transferable to larger or closed-source models, like Nomic-emb-code or Voyage-code-3. These modifications can increase the similarity between the query and an arbitrary irrelevant code snippet, consequently degrading key retrieval metrics like Mean Reciprocal Rank (MRR) of the state-of-the-art models by up to 40\%. The experimental results highlight the fragility of current code search methods and underscore the need for more robust, semantic-aware approaches. Our codebase is available at https://github.com/AdvAttackOnNCC/Code_Search_Adversarial_Attack.
Primary Area: applications to computer vision, audio, language, and other modalities
Submission Number: 207
Loading