Researchers are increasingly concerned about vulnerabilities linked to large language models (LLMs) in software generation. A team from the Technion developed a novel framework called the Feature Security Table (FSTab), which predicts backend vulnerabilities from observable frontend features without access to code or model specifics. Their findings show strong cross-domain transfer, achieving up to 94% attack success on models like Claude-4.5 Opus. This research highlights a crucial gap in LLM security by enabling proactive vulnerability prediction rather than post-hoc detection. FSTab acts as a black-box attack mechanism, mapping backend vulnerabilities to visible frontend features, facilitating efficient vulnerability triage. By identifying predictable patterns in LLM outputs, the study exposes an under-explored attack surface and emphasizes the risks of relying on LLMs for code creation. The findings point to the necessity for security measures to mitigate predictable insecure code generation, ultimately paving the way for safer software development practices in the age of AI.
Source link
