ARTFEED — Contemporary Art Intelligence

MA-CoT Framework Reduces Code Security Vulnerabilities by 57.6%

ai-technology · 2026-05-26

A group of researchers has introduced Mitigation-Aware Chain-of-Thought (MA-CoT), a prompting framework designed to improve the security of code generated by large language models (LLMs). The framework combines task-specific CWE mitigation guidance with language-aware safeguards to reduce persistent vulnerabilities. The researchers evaluated three LLMs (gpt-5, claude-4.5, and gemini-2.5) across C, Java, and Python, comparing four prompting methods on a primary dataset of 200 tasks, with external validation on LLMSecEval. MA-CoT cut security findings from 92 to 39 (a 57.6% decrease) on the primary dataset and from 73 to 4 (a 94.5% decrease) on LLMSecEval. Severe issues also dropped significantly. The work addresses the inconsistent security results of current prompt engineering methods.

Key facts

  • MA-CoT framework embeds task-specific CWE mitigation guidance and language-aware safeguards.
  • Evaluated on gpt-5, claude-4.5, gemini-2.5.
  • Tested on C, Java, Python.
  • Compared Vanilla, Zero-shot, CoT, MA-CoT prompting strategies.
  • Primary dataset of 200 tasks; external validation on LLMSecEval.
  • Total security findings reduced from 92 to 39 (57.6%) on primary dataset.
  • Findings reduced from 73 to 4 (94.5%) on LLMSecEval.
  • High-severity findings (Blocker + Critical) significantly reduced.
