SecCoderX uses reinforcement learning to generate secure code without sacrificing functionality.
Large language models (LLMs) are increasingly used in software development, yet their tendency to generate insecure code remains a major barrier to real-world deployment. Existing secure code alignment methods often suffer from a functionality--security paradox, improving security at the cost of substantial utility degradation. We propose SecCoderX, an online reinforcement learning framework for functionality-preserving secure code generation. SecCoderX first bridges vulnerability detection and secure code generation by repurposing mature detection resources in two ways: (i) synthesizing diverse, reality-grounded vulnerability-inducing coding tasks for online RL rollouts, and (ii) training a reasoning-based vulnerability reward model that provides scalable and reliable security supervision. Together, these components are unified in an online RL loop to align code LLMs to generate secure and functional code. Extensive experiments demonstrate that SecCoderX achieves state-of-the-art performance, improving Effective Safety Rate (ESR) by approximately 10% over unaligned models, whereas prior methods often degrade ESR by 14-54%. We release our code, dataset and model checkpoints at https://github.com/AndrewWTY/SecCoderX.
Existing secure code generation methods improve security by 11-16% but reduce functionality by 14-54%, making them impractical.
SecCoderX repurposes vulnerability detection datasets to create 24,000 realistic coding prompts across five programming languages.
A CWE-conditioned vulnerability reward model guides reinforcement learning to generate both secure and functional code simultaneously.
Traditional static analysis tools like CodeQL cannot effectively evaluate all types of vulnerabilities in generated code.
The functionality-security paradox makes it difficult to improve security without significantly degrading code functionality.
Chenxu Wang, Chaozhuo Li +11
The emergence of multi-agent systems built from large language models (LLMs) offers a promising paradigm for scalable collective intelligence and self-evolution. Ideally, such systems would achieve co...
Dongrui Liu, Qihan Ren +41
The rise of AI agents introduces complex safety and security challenges arising from autonomous tool use and environmental interactions. Current guardrail models lack agentic risk awareness and transp...
Qiyuan Zhang, Junyi Zhou +9
As Large Language Model (LLM) alignment evolves from simple completions to complex, highly sophisticated generation, Reward Models are increasingly shifting toward rubric-guided evaluation to mitigate...
Seanie Lee, Sangwoo Park +7
Large reasoning models (LRMs) achieve remarkable performance by leveraging reinforcement learning (RL) on reasoning tasks to generate long chain-of-thought (CoT) reasoning. However, this over-optimiza...
Dongrui Liu, Yi Yu +19
To understand and identify the unprecedented risks posed by rapidly advancing artificial intelligence (AI) models, Frontier AI Risk Management Framework in Practice presents a comprehensive assessment...
