Lost at C: A User Study on the Security Implications of Large Language Model Code Assistants. Sandoval, G., Pearce, H., Nys, T., Karri, R., Garg, S., & Dolan-Gavitt, B. February, 2023.
Abstract: Large Language Models (LLMs) such as OpenAI Codex are increasingly being used as AI-based coding assistants. Understanding the impact of these tools on developers' code is paramount, especially as recent work showed that LLMs may suggest cybersecurity vulnerabilities. We conduct a security-driven user study (N=58) to assess code written by student programmers when assisted by LLMs. Given the potential severity of low-level bugs as well as their relative frequency in real-world projects, we tasked participants with implementing a singly-linked 'shopping list' structure in C. Our results indicate that the security impact in this setting (low-level C with pointer and array manipulations) is small: AI-assisted users produce critical security bugs at a rate no greater than 10% more than the control, indicating the use of LLMs does not introduce new security risks.
@misc{sandoval_lost_2023,
title = {Lost at {C}: {A} {User} {Study} on the {Security} {Implications} of {Large} {Language} {Model} {Code} {Assistants}},
shorttitle = {Lost at {C}},
url = {http://arxiv.org/abs/2208.09727},
abstract = {Large Language Models (LLMs) such as OpenAI Codex are increasingly being used as AI-based coding assistants. Understanding the impact of these tools on developers' code is paramount, especially as recent work showed that LLMs may suggest cybersecurity vulnerabilities. We conduct a security-driven user study (N=58) to assess code written by student programmers when assisted by LLMs. Given the potential severity of low-level bugs as well as their relative frequency in real-world projects, we tasked participants with implementing a singly-linked 'shopping list' structure in C. Our results indicate that the security impact in this setting (low-level C with pointer and array manipulations) is small: AI-assisted users produce critical security bugs at a rate no greater than 10\% more than the control, indicating the use of LLMs does not introduce new security risks.},
urldate = {2023-03-09},
publisher = {arXiv},
author = {Sandoval, Gustavo and Pearce, Hammond and Nys, Teo and Karri, Ramesh and Garg, Siddharth and Dolan-Gavitt, Brendan},
month = feb,
year = {2023},
doi = {10.48550/arXiv.2208.09727},
keywords = {\#nosource, Computer Science - Cryptography and Security},
}