SOK: Exploring Hallucinations and Security Risks in AI-Assisted Software Development with Insights for LLM Deployment (2502.18468v1)

Abstract: The integration of LLMs such as GitHub Copilot, ChatGPT, Cursor AI, and Codeium AI into software development has revolutionized the coding landscape, offering significant productivity gains, automation, and enhanced debugging capabilities. These tools have proven invaluable for generating code snippets, refactoring existing code, and providing real-time support to developers. However, their widespread adoption also presents notable challenges, particularly in terms of security vulnerabilities, code quality, and ethical concerns. This paper provides a comprehensive analysis of the benefits and risks associated with AI-powered coding tools, drawing on user feedback, security analyses, and practical use cases. We explore the potential for these tools to replicate insecure coding practices, introduce biases, and generate incorrect or non-sensical code (hallucinations). In addition, we discuss the risks of data leaks, intellectual property violations and the need for robust security measures to mitigate these threats. By comparing the features and performance of these tools, we aim to guide developers in making informed decisions about their use, ensuring that the benefits of AI-assisted coding are maximized while minimizing associated risks.

• The paper provides a systematization of knowledge analyzing the trade-offs between productivity gains and security risks when integrating LLMs into software development.
• User feedback and security analysis evaluated LLM tools, highlighting ChatGPT's strength in generation and explanation, Copilot's in auto-completion, and identifying security risks like data leaks.
• Identifying security threats like adversarial attacks, the paper emphasizes the need for robust security measures, manual code review, and automated testing for effective LLM deployment.

This paper presents a systematization of knowledge (SoK) analysis of the integration of LLMs such as GitHub Copilot, ChatGPT, Cursor AI, and Codeium AI into software development, evaluating the trade-offs between productivity gains and associated risks. It leverages user feedback, security analyses, and practical use cases to guide developers in leveraging the benefits of AI while mitigating potential vulnerabilities.

The paper identifies key contributions around user-centric insights, evaluation of AI coding tools, and security and risk analysis. It incorporates feedback from IT professionals to evaluate the impact of AI tools on productivity, error reduction, and collaboration, addressing issues such as hallucinations and contextual errors. It also analyzes tools like GitHub Copilot, ChatGPT, Cursor AI, and Codeium AI, detailing their capabilities, user benefits, and limitations in improving software development workflows. A critical aspect involves identifying vulnerabilities like data leaks, adversarial attacks, and insecure coding practices, proposing mitigation strategies.

A user feedback dataset of 66 individuals, collected from an IT company across various departments (including Machine Learning/AI, Web Development, Mobile Development, and Software Quality Assurance), evaluates tool features to highlight their strengths and weaknesses. The results, shown in Table 1, indicate that ChatGPT excelled in code generation (4.03), code refactoring (3.90), and code explanation (4.20), while Copilot delivered strong results in code explanation (4.14) and code auto-completion (4.29). Cursor AI demonstrated balanced performance across categories, leading in code auto-completion (3.88). Codeium AI consistently scored the lowest, suggesting areas needing improvement. Sentiment analysis of the feedback revealed that ChatGPT received the highest positive sentiment, with 46 positive ratings, 8 negative ratings, and 12 neutral ratings. Copilot received a more mixed response, with 27 positive, 25 negative, and 14 neutral ratings. Cursor AI and Codeium AI had 40 and 38 positive responses, respectively.

The paper analyzes LLM tools for code generation, focusing on Copilot, ChatGPT, Codium, and Cursor AI.

• Copilot: An AI-powered coding assistant that provides real-time code suggestions and advice.
  • Evaluation: In a computer vision project evaluation, Copilot's responses were often inadequate, with repeated hallucinations and redundant suggestions, despite using the GPT-4o model. While Copilot can integrate codebases and files into queries, most responses are textual explanations with code snippets, lacking specific implementation guidance.
  • User Feedback: Copilot reduces code review and refactoring time by 15 to 30 minutes per task. Users rated the quality of Copilot-generated code: 14.3\% at 60\%, 57.1\% at 70\%, 14.3\% at 80\%, and 4.3\% at 85\%. Error identification effectiveness received an average rating of 3.85 out of 5.
  • Security Analysis: Copilot poses security risks due to its reliance on datasets and integration systems. The Enterprise version allows training on private repositories, which may result in unintentional data leaks if improperly handled. Additional dangers may arise from external integrations, such as Bing Search, for information gathering.
  • Case Study: GitHub Copilot can generate code, explain code, and complete code. It can leverage open-source GPT models and be used for mistake correction and debugging.
• ChatGPT: A conversational platform that uses OpenAI's LLMs for text generation, question answering, and task assistance.
  • Evaluation: ChatGPT faces security threats, including prompt injection, data poisoning, model inversion, adversarial attacks, and privacy breaches. Critical issues include dead or unreachable code and robustness issues.
  • User Feedback: ChatGPT saves 15 to 30 minutes on code review and refactoring tasks and up to 35 minutes on research and documentation. Its generated code quality was rated, with 15.9\% rating it at 80\% and 13.6\% rating it at 85%. Error identification capabilities received an average rating of 3.85 out of 5, with 76.7\% of users reporting enhanced collaboration and code-sharing.
  • Security Analysis: ChatGPT uses Redis to store user data, and hackers have exploited this weakness to access chat histories. Data leaks have occurred, including a 2023 breach by OpenAI that exposed 1.2\% of ChatGPT Plus users' data for nine hours.
  • Case Study: ChatGPT generates code based on specific instructions, understands project context, comprehends code flow, and manages multiple adjustments simultaneously.
• Cursor AI: An AI code editor that enhances productivity by anticipating edits and providing intelligent coding suggestions.
  • Evaluation: Cursor AI has limitations with complex projects and struggles with larger project structures. It may mistake current file versions for outdated ones, leading to incorrect suggestions.
  • User Feedback: User survey data indicated that 15.2\% of users rated its generated code quality at 50%, with 9.1\% rating it between 60% and 80%.
  • Security Analysis: Cursor AI uses subprocessors and cloud services. Telemetry and usage data, such as code snippets and editor actions, are gathered to enhance AI capabilities. With privacy mode enabled, no code data is stored or retained by Cursor or any third party.
  • Case Study: Cursor predicts next steps based on recent changes, tracks the codebase, suggests code, enhances navigation, and streamlines coding.
• Codeium AI: An AI-driven tool that improves code quality and automates testing.
  • Evaluation: Codeium allows on-premise deployment, making it secure and customizable for specific projects. It is fully integrated and works with other development tools, so it can be used alongside existing workflows without risk.
  • User Feedback: Surveys revealed that Codeium significantly streamlined workflows, with time savings highlighted as a major benefit. Its generated code quality was rated with peaks at 40% and 60%, each at 12.5%, while higher ratings above 75% were relatively scarce.
  • Security Analysis: Codeium processes code snippets, metadata, user authentication details, and model configurations, which are transmitted through its system using cloud infrastructure. Codeium mitigates these risks by implementing strict code review guidelines, employing contractual safeguards for cross-border transfers, and using advanced user authentication and access control.
  • Case Study: Codeium's code generation feature enables code generation simply by describing tasks in natural language. Codeium offers real-time debugging through its integrated chat support and helps users understand code easily by providing clear, concise explanations.

The paper highlights that LLM security comprises practices to protect LLMs from threats and vulnerabilities. Regular code reviews, secure concurrent programming, and adherence to OWASP guidelines are crucial. Data encryption using methods like AES and TLS ensures data security. Deploying firewalls and intrusion detection systems and providing ongoing security training for developers are essential for LLM security. Key components of an LLM security strategy involve data security, model security, infrastructure security, and ethical concerns.

The authors note that LLM code vulnerabilities are security issues or weaknesses in code produced by LLMs. These can stem from technical errors, human error, or the reuse of open-source software. Examples include SQL injection and buffer overflow vulnerabilities.

The paper defines LLM hallucination as instances where a LLM generates incorrect, irrelevant, or nonsensical information. This can lead to misleading or false outputs that may confuse users or propagate misinformation. Examples include intent conflicts (where generated code misaligns with task goals), context deviations (logical inconsistencies), and knowledge errors (misuse of APIs or undefined identifiers).

To illustrate security risks, the paper describes scenarios where attackers can manipulate prompts to elicit biased responses or extract sensitive data. The discussion section synthesizes observations from the investigation, highlighting productivity gains, security concerns, and code quality issues. While LLMs increase productivity by reducing time on debugging and code generation, they introduce security risks such as replicating existing vulnerabilities and potential data leaks.

The paper concludes by emphasizing the need for robust security measures, manual code reviews, and automated testing tools to ensure that AI-generated code meets required standards of quality and security. By implementing security measures, reviewing code carefully, and adhering to ethical guidelines, the software development community can harness AI effectively while minimizing drawbacks.