2026-05-08 –, Main Stage
Large Language Models are increasingly used to assist developers in writing code, but how secure is the code they generate? This lightning talk explores the security risks introduced by LLM-generated code, from common vulnerability patterns to the challenges of evaluating and improving model outputs. Drawing from ongoing PhD research at TruX, SnT (University of Luxembourg), this talk offers a concise overview of the current landscape and open research questions in LLM-assisted secure software development.
In this talk, I would like to present two of my works that challenge the way we think about security in LLM-generated code. The first asks an uncomfortable question: do secure code generation methods actually work? Through a systematic adversarial audit, we show that current evaluation practices create a dangerous illusion of security, and methods that look robust on paper fall apart under simple, realistic prompt perturbations. The second uncovers a quieter but equally dangerous threat: LLMs that confidently recommend software packages that simply do not exist, giving attackers the perfect opportunity to register these fabricated names on open source registries and serve malicious payloads to unsuspecting developers, a practice known as slopsquatting. Together, these works reveal that the security of AI-assisted development is more fragile and more nuanced than the field currently acknowledges.
I am a doctoral researcher at SnT, University of Luxembourg. I investigate how to enable large language models to generate secure code . My work sits at the intersection of AI, software engineering, and cybersecurity.