Extracting Recurring Vulnerabilities from Black-Box LLM-Generated Software
Tomer Kordonsky 1, Maayan Yamin 1, Noam Benzimra 1, Amit LeVi 1,2, Avi Mendelson 1
Published on arXiv
2602.04894
Sensitive Information Disclosure
OWASP LLM Top 10 — LLM06
Key Finding
FSTab achieves up to 94% attack success rate and 93% vulnerability coverage on held-out target domains even when that domain is excluded from training, demonstrating strong cross-domain transfer of vulnerability predictions for LLM-generated code.
FSTab (Feature–Security Table)
Novel technique introduced
LLMs are increasingly used for code generation, but their outputs often follow recurring templates that can induce predictable vulnerabilities. We study vulnerability persistence in LLM-generated software and introduce Feature–Security Table (FSTab) with two components. First, FSTab enables a black-box attack that predicts likely backend vulnerabilities from observable frontend features and knowledge of the source LLM, without access to backend code or source code. Second, FSTab provides a model-centric evaluation that quantifies how consistently a given model reproduces the same vulnerabilities across programs, semantics-preserving rephrasings, and application domains. We evaluate FSTab on state-of-the-art code LLMs, including GPT-5.2, Claude-4.5 Opus, and Gemini-3 Pro, across diverse application domains. Our results show strong cross-domain transfer: even when the target domain is excluded from training, FSTab achieves up to 94% attack success and 93% vulnerability coverage on Internal Tools (Claude-4.5 Opus). These findings expose an underexplored attack surface in LLM-generated software and highlight the security risks of code generation. Our code is available at: https://anonymous.4open.science/r/FSTab-024E.
Key Contributions
- FSTab (Feature–Security Table): a database mapping observable frontend features of LLM-generated software to likely hidden backend vulnerabilities, constructed per-model from generated code samples
- Black-box attack achieving up to 94% attack success and 93% vulnerability coverage on held-out target domains by exploiting LLM-specific template recurrence and model identity
- Model-centric evaluation framework quantifying vulnerability persistence (recurrence) across semantic rephrasings and application domains for code-generation LLMs