pith. sign in

arxiv: 2506.07313 · v1 · pith:2EYGPFYWnew · submitted 2025-06-08 · 💻 cs.CR

SCGAgent: Recreating the Benefits of Reasoning Models for Secure Code Generation with Agentic Workflows

classification 💻 cs.CR
keywords codescgagentllmssecuresecurityableagenticcoding
0
0 comments X
read the original abstract

Large language models (LLMs) have seen widespread success in code generation tasks for different scenarios, both everyday and professional. However current LLMs, despite producing functional code, do not prioritize security and may generate code with exploitable vulnerabilities. In this work, we propose techniques for generating code that is more likely to be secure and introduce SCGAgent, a proactive secure coding agent that implements our techniques. We use security coding guidelines that articulate safe programming practices, combined with LLM-generated unit tests to preserve functional correctness. In our evaluation, we find that SCGAgent is able to preserve nearly 98% of the functionality of the base Sonnet-3.7 LLM while achieving an approximately 25% improvement in security. Moreover, SCGAgent is able to match or best the performance of sophisticated reasoning LLMs using a non-reasoning model and an agentic workflow.

This paper has not been read by Pith yet.

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Forward citations

Cited by 1 Pith paper

Reviewed papers in the Pith corpus that reference this work. Sorted by Pith novelty score.

  1. SoK: AI Secure Code Generation: Progress, Pitfalls, and Paths Forward

    cs.CR 2026-06 unverdicted novelty 6.0

    The paper introduces a three-level framework for AI secure code generation, finds that principle understanding statistically predicts code outcomes, but identifies persistent knowledge-actuation gaps across models and agents.