DETECTION OF VULNERABILITIES IN AI-GENERATED SOFTWARE CODE USING TRANSFORMER-BASED MODELS

Authors

  • Bashir Khan
  • Dr. Amber Sarwar Hashmi
  • Sumaira Rasool
  • Salman Khan

Abstract

The convenience of AI code generation technologies has increased software development productivity, but it also introduces a higher risk of insecure code. The code generated by AI is often syntactically correct but semantically vulnerable, posing significant cyber security risks for enterprise, critical infrastructure, and consumer software environments. The research is qualitative, doctrinal and exploratory in nature, based on an interpretivist epistemological approach, and focuses on the identification of vulnerabilities in AI-generated software code using transformer-based models. The secondary data was collected systematically from scholarly journal articles, conference proceedings, cybersecurity databases, and trusted sources such as Common Weakness Enumeration (CWE) and Common Vulnerabilities and Exposures (CVE). Thematic content analysis and comparative qualitative analysis were applied to the transformer architectures (BERT, CodeBERT, GraphCodeBERT, GPT-4, UniXcoder) for the detection, classification and explanation of security vulnerabilities (SQL injection, buffer overflow, cross-site scripting (XSS), insecure authentication, memory management errors). The results demonstrate that the transformer-based models significantly outperform classical static analysis tools in terms of accuracy in detecting errors, and that the models pre-trained on code corpora and enriched with data flow graph representations of the programs are the most effective. GraphCodeBERT and CodeBERT are found to be especially suitable for vulnerability classification, and GPT-4 exhibits its explainability through natural language reasoning. The study highlights persistent challenges such as false positive rates, lack of diversity in training material and poor explainability in certain architectures. The paper discusses practical implications for developers, security engineers and organizational policymakers, and makes recommendations for the integration of transformer-based detection into DevSecOps pipelines.

Published

2026-05-12

How to Cite

Bashir Khan, Dr. Amber Sarwar Hashmi, Sumaira Rasool, & Salman Khan. (2026). DETECTION OF VULNERABILITIES IN AI-GENERATED SOFTWARE CODE USING TRANSFORMER-BASED MODELS. Spectrum of Engineering Sciences, 4(5), 851–867. Retrieved from https://thesesjournal.com/index.php/1/article/view/2776