CoTDeceptor:Adversarial Code Obfuscation Against CoT-Enhanced LLM Code Agents

LLM-based code agents(e.g., ChatGPT Codex) are increasingly deployed as detector for code review and security auditing tasks. Although CoT-enhanced LLM vulnerability detectors are believed to provide improved robustness against obfuscated malicious code, we find that their reasoning chains and semantic abstraction processes exhibit exploitable systematic weaknesses.This allows attackers to covertly embed malicious logic, bypass code review, and propagate backdoored components throughout real-world software supply chains.To investigate this issue, we present CoTDeceptor, the first adversarial code obfuscation framework targeting CoT-enhanced LLM detectors. CoTDeceptor autonomously constructs evolving, hard-to-reverse multi-stage obfuscation strategy chains that effectively disrupt CoT-driven detection logic.We obtained malicious code provided by security enterprise, experimental results demonstrate that CoTDeceptor achieves stable and transferable evasion performance against state-of-the-art LLMs and vulnerability detection agents. CoTDeceptor bypasses 14 out of 15 vulnerability categories, compared to only 2 bypassed by prior methods. Our findings highlight potential risks in real-world software supply chains and underscore the need for more robust and interpretable LLM-powered security analysis systems.

Key Contributions

• CoTDeceptor: the first adversarial code obfuscation framework specifically targeting CoT-enhanced LLM vulnerability detectors by exploiting their exposed reasoning chains
• Multi-stage evolving obfuscation strategy chains that are hard to reverse and autonomously constructed without expert effort
• Demonstrated transferable evasion across 14/15 vulnerability categories and multiple SOTA LLMs, far exceeding prior methods (2/15)

🛡️ Threat Analysis

Details

Similar Papers