XOXO: Stealthy Cross-Origin Context Poisoning Attacks against AI Coding Assistants

ICLR 2026 Conference Submission 17611 Authors

19 Sept 2025 (modified: 08 Oct 2025). ICLR 2026 Conference Submission. License: CC BY 4.0
Keywords: ai coding assistants, coding assistants, xoxo, cross-origin context poisoning, attack, robustness, security
Abstract: AI coding assistants automatically gather context from potentially untrusted sources to generate code recommendations. We introduce Cross-Origin Context Poisoning (XOXO), a novel attack that exploits this automatic context inclusion by subtly manipulating code without changing its semantics. Attackers introduce semantics-preserving transformations (e.g., renamed variables) to shared code, causing AI assistants to unknowingly recommend vulnerable code patterns to victims. To systematically identify effective transformations, we present Greedy Cayley Graph Search (GCGS), a black-box algorithm that efficiently composes transformations to identify adversarial inputs. Our evaluation demonstrates XOXO's effectiveness across code generation, secure coding, and reasoning tasks, achieving average attack success rates of 75.72% against state-of-the-art models including GPT 4.1 and Claude 3.5 Sonnet v2, with vulnerability injection rates up to 66.67%. We also demonstrate a real-world attack against GitHub Copilot, highlighting critical security gaps in current AI coding tools.
Primary Area: alignment, fairness, safety, privacy, and societal considerations
Submission Number: 17611
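
The abstract's example of a semantics-preserving transformation is variable renaming. The following is an added illustration, not code from the paper or its authors, and it does not implement GCGS: a heuristic Python check that tells whether a change to shared code differs only in locally bound identifier names. The function names (`fingerprint`, `classify_change`) and the sample snippets are constructed for this example.

```python
import ast

class _Canon(ast.NodeTransformer):
    """Rename locally bound identifiers to v0, v1, ... in first-seen order."""
    def __init__(self, bound):
        self.bound, self.names = bound, {}
    def _canon(self, name):
        if name not in self.bound:
            return name  # builtins, imports, names defined elsewhere: untouched
        return self.names.setdefault(name, f"v{len(self.names)}")
    def visit_Name(self, node):
        node.id = self._canon(node.id)
        return node
    def visit_arg(self, node):
        node.arg = self._canon(node.arg)
        return self.generic_visit(node)
    def visit_FunctionDef(self, node):
        node.name = self._canon(node.name)
        return self.generic_visit(node)
    visit_AsyncFunctionDef = visit_FunctionDef

def bound_names(tree):
    """Names the snippet itself binds: assignment targets, parameters, functions."""
    out = set()
    for n in ast.walk(tree):
        if isinstance(n, ast.Name) and isinstance(n.ctx, ast.Store):
            out.add(n.id)
        elif isinstance(n, ast.arg):
            out.add(n.arg)
        elif isinstance(n, (ast.FunctionDef, ast.AsyncFunctionDef)):
            out.add(n.name)
    return out

def fingerprint(src):
    """AST dump with bound identifiers canonicalised; equal for renamed copies."""
    tree = ast.parse(src)
    return ast.dump(_Canon(bound_names(tree)).visit(tree))

def classify_change(before, after):
    if ast.dump(ast.parse(before)) == ast.dump(ast.parse(after)):
        return "identical"    # only whitespace or comments differ
    if fingerprint(before) == fingerprint(after):
        return "rename-only"  # same program up to identifier names
    return "other"            # structure changed; needs normal review

# Constructed sample inputs.
BEFORE = "def total(items):\n    acc = 0\n    for it in items:\n        acc += it.price\n    return acc\n"
RENAMED = "def total(rows):\n    s = 0\n    for r in rows:\n        s += r.price\n    return s\n"
EDITED = BEFORE.replace("it.price", "it.price * 2")
```

The check is conservative: renames that touch keyword arguments at call sites, class names, or `global` declarations fall into `"other"`, and code that looks names up by string at run time is outside what an AST comparison can see.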