<div class="hero-wrapper">
<style>
@font-face { font-family: 'Poppins'; src: url('./fonts/Poppins-Regular.woff2') format('woff2'); font-weight: 400;}
@font-face { font-family: 'Poppins'; src: url('./fonts/Poppins-SemiBold.woff2') format('woff2'); font-weight: 600;}
@font-face { font-family: 'Poppins'; src: url('./fonts/Poppins-Bold.woff2') format('woff2'); font-weight: 700;}
/* --- Encapsulated reset --- */
.hero-wrapper * { box-sizing: border-box; margin: 0; padding: 0; }
/* --- Hero Section --- */
.hero-wrapper .hero {
font-family: 'Poppins', sans-serif;
width: 100%;
background: linear-gradient(120deg,#0d3b66 0%, #0f5a8a 40%, #0d7b6f 100%);
color: #ffffff;
padding: 1rem 4%;
box-shadow: 0 6px 18px rgba(2,6,23,0.25);
display: flex;
gap: 1rem;
align-items: center;
justify-content: space-between;
flex-wrap: wrap;
}
.hero-wrapper .hero-text { flex: 1 1 640px; text-align: left; }
.hero-wrapper .hero h1 {
font-size: 1.4rem;
margin-bottom: 0.4rem;
font-weight: 800;
text-align: center;
color: white;
}
.hero-wrapper .hero .subtitle {
text-align: center;
font-size: 0.9rem;
margin-bottom: 0.6rem;
font-weight: 600;
opacity: 0.9;
}
.hero-wrapper .hero p {
font-size: 0.85rem;
margin-bottom: 0.4rem;
}
.hero-wrapper .hero .important {
font-weight: 600;
background: rgba(255,255,255,0.12);
padding: 0.25rem 0.6rem;
border-radius: 5px;
display: inline-block;
margin-bottom: 0.5rem;
font-size: 0.85rem;
}
.hero-wrapper .hero .bold-line {
font-weight: 600;
margin-bottom: 0.4rem;
font-size: 0.85rem;
}
.hero-wrapper .hero .support-message {
font-weight: 600;
margin-top: 0.6rem;
font-size: 0.85rem;
padding: 0.4rem 0.7rem;
border-left: 3px solid #fff;
border-radius: 5px;
background: rgba(255,255,255,0.12);
box-shadow: 0 2px 6px rgba(0,0,0,0.2);
}
.hero-wrapper .hero-icons {
display: flex;
gap: 0.6rem;
align-items: center;
justify-content: center;
padding: 0.3rem;
}
.hero-wrapper .hero-icons img {
width: 55px;
height: 55px;
border-radius: 10px;
background: rgba(255,255,255,0.1);
padding: 0.5rem;
box-shadow: 0 4px 12px rgba(2,6,23,0.25);
}
@media(max-width: 768px){
.hero-wrapper .hero {
padding: 0.8rem 3%;
flex-direction: column;
text-align: center;
}
.hero-wrapper .hero h1 { font-size: 1.3rem; }
.hero-wrapper .hero .subtitle { font-size: 0.85rem; }
.hero-wrapper .hero-icons img { width: 50px; height: 50px; }
}
</style>
<section class="hero" aria-label="hero">
<div class="hero-text">
<h1>Security in AI-Generated Code</h1>
<p class="subtitle">WP9T2</p>
<p class="important">Guide for Developers: How to safely use generated code, identify risks, and integrate security controls into development.</p>
<p>LLM assistants such as Copilot, ChatGPT, and Codex can accelerate development, but AI output is not inherently secure. Treat suggestions as untrusted: review, test, and apply multi-layered checks.</p>
<p class="bold-line">Main challenges include: prompt injection, data leakage, insecure libraries, automation bias, and over-reliance on AI suggestions.</p>
<p class="bold-line">Conclusion: AI output should be treated as untrusted code and subjected to human review plus multi-layered security checks.</p>
<p class="support-message">But don't worry, our team can help you with that! Read the guide for the details.</p>
</div>
<div class="hero-icons" aria-hidden="true">
<img src="https://img.icons8.com/ios-filled/100/ffffff/artificial-intelligence.png" alt="AI Icon">
<img src="https://img.icons8.com/ios-filled/100/ffffff/cyber-security.png" alt="Security Icon">
<img src="https://img.icons8.com/ios-filled/100/ffffff/shield.png" alt="Shield Icon">
</div>
</section>
</div>
<div class="guide-wrapper">
<style>
@font-face { font-family: 'Poppins'; src: url('./fonts/Poppins-Regular.woff2') format('woff2'); font-weight: 400;}
@font-face { font-family: 'Poppins'; src: url('./fonts/Poppins-SemiBold.woff2') format('woff2'); font-weight: 600;}
@font-face { font-family: 'Poppins'; src: url('./fonts/Poppins-Bold.woff2') format('woff2'); font-weight: 700;}
@font-face { font-family: 'Poppins'; src: url('./fonts/Poppins-ExtraBold.woff2') format('woff2'); font-weight: 800;}
/* Encapsulation: reset only inside guide-wrapper */
.guide-wrapper * { box-sizing: border-box; margin: 0; padding: 0; }
/* Main encapsulated font-family */
.guide-wrapper { font-family: 'Poppins', sans-serif; }
.guide-wrapper section { padding: 1rem 3%; margin: 0; }
.guide-wrapper section + section { margin-top: 1rem; }
.guide-wrapper .vulnerabilities { background: #e0f2f1; margin-top: 0.8rem; }
.guide-wrapper .llm-risks { background: #fff3e0; }
.guide-wrapper .ai-context { background: #e3f2fd; }
.guide-wrapper .mitigation { background: #e8f5e9; }
.guide-wrapper h2 {
font-size: 1.1rem;
font-weight: 800;
color: #0d3b66;
margin-bottom: 0.6rem;
border-bottom: 2px solid #cfd8dc;
padding-bottom: 0.4rem;
text-align: center;
}
.guide-wrapper .card-grid {
display: grid;
grid-template-columns: repeat(4, 1fr);
gap: 0.7rem;
margin-top: 0.7rem;
}
.guide-wrapper .card {
background: #ffffff;
border-radius: 10px;
padding: 0.7rem;
box-shadow: 0 2px 6px rgba(0,0,0,0.05);
display:flex;
flex-direction: column;
justify-content: flex-start;
position: relative;
}
.guide-wrapper .card h3 {
font-size: 0.95rem;
font-weight: 700;
color: #0d3b66;
margin-bottom: 0.4rem;
display: flex;
align-items: center;
gap: 0.3rem;
}
.guide-wrapper .card p { font-size: 0.8rem; margin: 0; }
.guide-wrapper ul { padding-left: 1rem; }
.guide-wrapper ul li { margin-bottom: 0.3rem; font-weight: 600; font-size: 0.8rem; }
.guide-wrapper a { font-weight: 700; color: #f95738; text-decoration: none; font-size: 0.8rem; }
.guide-wrapper a:hover { text-decoration: underline; }
.guide-wrapper .card .see-examples {
position: absolute;
bottom: 0.4rem;
right: 0.6rem;
font-weight: 700;
font-size: 0.75rem;
color: #f95738;
}
@media(max-width:1200px){
.guide-wrapper .card-grid { grid-template-columns: repeat(2, 1fr); }
}
@media(max-width:768px){
.guide-wrapper section { padding:0.7rem 2%; }
.guide-wrapper h2{font-size:1rem;}
.guide-wrapper .card h3{font-size:0.85rem;}
.guide-wrapper ul li{font-size:0.75rem;}
.guide-wrapper .card-grid { grid-template-columns: 1fr; }
}
</style>
<!-- Key Vulnerabilities -->
<section class="section vulnerabilities">
<h2>Key Vulnerabilities in AI-Generated Code</h2>
<div class="card-grid">
<div class="card">
<h3>Injection Vulnerabilities</h3>
<ul><li>SQL Injection</li><li>Command Injection</li><li>XSS</li><li>Regex Injection</li><li>Prompt Injection</li></ul>
<a href="https://wiki.geant.org/spaces/GSD/pages/1333330027/Injection+Vulnerabilities" class="see-examples">See examples →</a>
</div>
<div class="card">
<h3>Memory Management</h3>
<ul><li>Buffer Overflow</li><li>Integer Overflow</li><li>Null Pointer Dereference</li><li>Use After Free</li></ul>
<a href="https://wiki.geant.org/spaces/GSD/pages/1333330029/Memory+Management" class="see-examples">See examples →</a>
</div>
<div class="card">
<h3>File Management</h3>
<ul><li>Path Traversal</li><li>Improper File Permissions</li><li>Unrestricted File Uploads</li></ul>
<a href="https://wiki.geant.org/spaces/GSD/pages/1333330031/File+Management" class="see-examples">See examples →</a>
</div>
<div class="card">
<h3>Deserialization</h3>
<ul><li>Insecure Deserialization</li><li>Arbitrary Code Execution</li></ul>
<a href="https://wiki.geant.org/spaces/GSD/pages/1333330033/Deserialization" class="see-examples">See examples →</a>
</div>
<div class="card">
<h3>Sensitive Data Exposure</h3>
<ul><li>Hard-coded secrets</li><li>API key leak</li><li>Insecure storage</li><li>LLM Data Leakage</li></ul>
<a href="https://wiki.geant.org/spaces/GSD/pages/1333330035/Sensitive+Data+Exposure" class="see-examples">See examples →</a>
</div>
<div class="card">
<h3>Authentication & Authorization</h3>
<ul><li>Weak credentials</li><li>Missing access control</li><li>Broken Access Control</li></ul>
<a href="https://wiki.geant.org/spaces/GSD/pages/1333330038/Authentication+Authorization" class="see-examples">See examples →</a>
</div>
<div class="card">
<h3>Cryptography</h3>
<ul><li>Weak algorithms</li><li>Poor key management</li><li>Lack of certificate validation</li></ul>
<a href="https://wiki.geant.org/spaces/GSD/pages/1333330040/Cryptography" class="see-examples">See examples →</a>
</div>
<div class="card">
<h3>Resource Management</h3>
<ul><li>Resource leaks</li><li>Multiple binds</li><li>Improper control</li></ul>
<a href="https://wiki.geant.org/spaces/GSD/pages/1333330042/Resource+Management" class="see-examples">See examples →</a>
</div>
</div>
</section>
<!-- LLM-Specific Risks -->
<section class="section llm-risks">
<h2>LLM-Specific Risks</h2>
<div class="card-grid">
<div class="card">
<h3>Prompt Injection & Data Leakage</h3>
<p>Malicious or careless prompts can expose sensitive information or compromise code integrity.</p>
<a href="https://wiki.geant.org/spaces/GSD/pages/1333330045/LLM+Specific+Risks#Prompt-Injection-and-Data-Leakage" class="see-examples">Read more →</a>
</div>
<div class="card">
<h3>Model Poisoning</h3>
<p>Adversarial inputs can manipulate model outputs in unsafe ways.</p>
<a href="https://wiki.geant.org/spaces/GSD/pages/1333330045/LLM+Specific+Risks#Model-Poisoning" class="see-examples">Read more →</a>
</div>
<div class="card">
<h3>Unsafe Plugins & Configurations</h3>
<p>Third-party extensions or improper settings may introduce vulnerabilities.</p>
<a href="https://wiki.geant.org/spaces/GSD/pages/1333330045/LLM+Specific+Risks#Unsafe-Plugins-and-Configurations" class="see-examples">Read more →</a>
</div>
<div class="card">
<h3>Automation Bias</h3>
<p>Blind trust in AI suggestions can lead to overlooked errors.</p>
<a href="https://wiki.geant.org/spaces/GSD/pages/1333330045/LLM+Specific+Risks#Automation-Bias" class="see-examples">Read more →</a>
</div>
<div class="card">
<h3>Iterative Degradation</h3>
<p>Repeated AI-only iterations can accumulate errors and increase security risks.</p>
<a href="https://wiki.geant.org/spaces/GSD/pages/1333330045/LLM+Specific+Risks#Iterative-Degradation" class="see-examples">Read more →</a>
</div>
<div class="card">
<h3>Hallucinations</h3>
<p>AI may generate convincing but incorrect or insecure code.</p>
<a href="https://wiki.geant.org/spaces/GSD/pages/1333330045/LLM+Specific+Risks#Hallucinations" class="see-examples">Read more →</a>
</div>
<div class="card">
<h3>Dependency Risks</h3>
<p>AI may suggest outdated, vulnerable, or unverified libraries.</p>
<a href="https://wiki.geant.org/spaces/GSD/pages/1333330045/LLM+Specific+Risks#Dependency-Risks" class="see-examples">Read more →</a>
</div>
<div class="card">
<h3>Miscellaneous Risks</h3>
<p>Race conditions, misconfigurations, or other context-specific vulnerabilities.</p>
<a href="https://wiki.geant.org/spaces/GSD/pages/1333330045/LLM+Specific+Risks#Miscellaneous-Risks" class="see-examples">Read more →</a>
</div>
</div>
</section>
<!-- What AI Implicitly Knows -->
<section class="section ai-context">
<h2>What AI Implicitly Knows From Your Request</h2>
<div class="card-grid">
<div class="card">
<h3>General Contextual Information</h3>
<ul>
<li><strong>Programming language</strong>: explicit (“Python code for…”) or implicit (keywords like <em>pandas</em>, <em>Node.js</em>).</li>
<li><strong>Domain / field</strong>: web development, data science, cybersecurity, AI/ML, embedded systems.</li>
<li><strong>Complexity level</strong>: beginner, intermediate, or advanced.</li>
<li><strong>Purpose / use case</strong>: automation, prediction, encryption, or optimization.</li>
</ul>
</div>
<div class="card">
<h3>Technical Specifics Revealed</h3>
<ul>
<li><strong>Libraries / frameworks</strong>: React, TensorFlow, Flask, etc.</li>
<li><strong>Target platform</strong>: cloud, on-prem, mobile, or IoT.</li>
<li><strong>Data formats</strong>: JSON, XML, CSV, SQL queries.</li>
<li><strong>Protocols / standards</strong>: HTTP, OAuth, LDAP, blockchain, etc.</li>
</ul>
</div>
<div class="card">
<h3>Implicit or Sensitive Clues</h3>
<ul>
<li><strong>Organizational context</strong>: “LDAP schema” → enterprise IT; “EUDI wallet” → EU digital ID.</li>
<li><strong>Access level</strong>: admin, developer, or auditor.</li>
<li><strong>Security posture</strong>: questions about XSS, SQLi, or encryption reveal internal priorities.</li>
<li><strong>Confidential hints</strong>: internal URLs, schema names, file paths, company-specific terms.</li>
</ul>
</div>
<div class="card">
<h3>Hidden Context Example</h3>
<p><strong>“Write me a script to parse LDIF and extract eduPersonPrincipalName.”</strong></p>
<ul>
<li>Reveals an <strong>Identity & Access Management (IAM)</strong> role.</li>
<li>Environment: <strong>LDAP / higher education</strong>.</li>
<li>Goal: <strong>federated identity</strong> (Shibboleth / eduGAIN / GÉANT).</li>
</ul>
</div>
<div class="card">
<h3>Security & Vulnerability Implications</h3>
<p><strong>Example:</strong> “Show me code to sanitize user input for XSS in React.”</p>
<ul>
<li>Reveals <strong>web app developer</strong> or auditor.</li>
<li>Shows focus on <strong>XSS mitigation</strong>.</li>
<li>Frameworks reveal <strong>tech stack</strong>.</li>
<li>Indicates <strong>threat modeling</strong> mindset.</li>
</ul>
</div>
<div class="card">
<h3>Industry-Specific Inference</h3>
<p><strong>Example:</strong> “Generate smart contract code in Solidity for a voting system.”</p>
<ul>
<li>Reveals <strong>blockchain development</strong> background.</li>
<li>Focus on <strong>DAOs, fintech, or governance</strong>.</li>
<li>Likely early-stage prototyping.</li>
</ul>
</div>
<div class="card">
<h3>The Hidden Fingerprint</h3>
<p>Even a <strong>short code request</strong> reveals domain, role, priorities, and internal environment clues.</p>
<p style="margin-top:0.3rem;"><strong>Lesson:</strong> Avoid sensitive data, URLs, or internal identifiers in prompts.</p>
</div>
<div class="card">
<h3>Key Takeaway</h3>
<p>Each prompt leaves a <strong>contextual fingerprint</strong>. AI can infer your organizational setup and intent from it, so craft prompts securely and thoughtfully.</p>
</div>
</div>
<p style="margin-top:1rem; font-size:0.85rem; font-weight:600; text-align:center;">
Learn more in our <a href="https://wiki.geant.org/spaces/G52W9T2/pages/1221296279/Security+in+AI-Generated+Code+-+updated">Prompt Privacy and Inference Risks guide</a>.
</p>
</section>
<!-- Mitigation Strategies -->
<section class="section mitigation">
<h2>Mitigation Strategies & Tools</h2>
<div class="card-grid">
<div class="card">
<h3>Human Reviews</h3>
<p>Always review AI-generated code before production deployment. Human expertise can catch subtle security flaws that automated tools might miss.</p>
</div>
<div class="card">
<h3>Limit Iterations</h3>
<p>Restrict AI to a maximum of 3 iterations before a mandatory human review. Multiple iterations can amplify vulnerabilities or introduce repeated mistakes.</p>
</div>
<div class="card">
<h3>Prompt Hygiene</h3>
<p>Never include secrets, credentials, or proprietary data in prompts. Maintain clean and sanitized input to avoid accidental leaks.</p>
</div>
<div class="card">
<h3>Static & Dynamic Analysis</h3>
<p>Run automated analysis tools after AI suggestions. Tools like <strong>SonarQube</strong> can detect missing access checks, weak credentials, and insecure patterns. Combine SAST and DAST tools for continuous security.</p>
</div>
<div class="card">
<h3>Secure Libraries</h3>
<p>Prefer proven, well-maintained libraries instead of reinventing security-sensitive code. Regularly check dependencies for known vulnerabilities and maintain an allowlist of approved ones.</p>
</div>
<div class="card">
<h3>Testing</h3>
<p>Always test AI-generated changes for functionality and security. Include unit tests, integration tests, and security-focused test cases.</p>
</div>
<div class="card">
<h3>Frameworks & Guides</h3>
<p>Follow trusted AI security frameworks:</p>
<ul>
<li><a href="https://genai.owasp.org/llm-top-10/" target="_blank">OWASP LLM Top 10</a></li>
<li><a href="https://genai.owasp.org/resources/" target="_blank">OWASP AI Security</a></li>
<li><a href="https://saif.google/" target="_blank">Google SAIF</a></li>
<li><a href="https://www.microsoft.com/en-us/ai/responsible-ai" target="_blank">Microsoft Responsible AI</a></li>
</ul>
</div>
</div>
</section>
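The prompt-hygiene advice above, together with the "Hidden Fingerprint" lesson earlier on this page, can be enforced mechanically before a prompt leaves the developer's machine. The following is an added example, not code from the GÉANT guide or any of the projects it links, of a pre-flight scanner that redacts credentials, internal URLs, private IP addresses, e-mail addresses and server file paths; the rule set, the placeholder tokens and the sample prompt are constructed assumptions to be tuned to your own naming conventions.

```python
"""Prompt pre-flight check: redact confidential hints before they reach an LLM.

Added example for this guide (not GEANT project code). It looks for the clues
the "Prompt Hygiene" and "Hidden Fingerprint" cards warn about (credentials,
internal URLs, private IPs, e-mail addresses, server file paths) and replaces
them with placeholder tokens. The patterns and the sample prompt are constructed
for illustration; extend RULES with your organisation's own hostnames and terms.
"""
import re

# (finding name, pattern, replacement). Order matters: URLs are redacted before
# e-mail addresses and paths so one clue is not reported twice.
RULES = [
    ("api_key", re.compile(r"\b(?:sk|ghp|AKIA)[A-Za-z0-9_-]{16,}\b"), "<API_KEY>"),
    ("password", re.compile(r"(?i)\b(password|passwd|pwd|secret)\s*[:=]\s*[^\s,;]+"), r"\1=<SECRET>"),
    ("internal_url", re.compile(r"\bhttps?://[\w.-]+\.(?:internal|local|corp|lan)\b\S*"), "<INTERNAL_URL>"),
    ("private_ip", re.compile(r"\b(?:10\.\d{1,3}|192\.168|172\.(?:1[6-9]|2\d|3[01]))\.\d{1,3}\.\d{1,3}\b"), "<PRIVATE_IP>"),
    ("email", re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"), "<EMAIL>"),
    ("unix_path", re.compile(r"(?<![\w/])/(?:home|etc|var|opt|srv)/[\w./-]+"), "<PATH>"),
]


def scan_prompt(prompt: str) -> tuple[str, list[tuple[str, str]]]:
    """Return (redacted_prompt, findings); each finding is (rule name, matched text)."""
    findings = []
    redacted = prompt
    for name, pattern, replacement in RULES:
        findings.extend((name, m.group(0)) for m in pattern.finditer(redacted))
        redacted = pattern.sub(replacement, redacted)
    return redacted, findings


def is_safe_to_send(prompt: str) -> bool:
    """True when no rule fired, i.e. the prompt can go to the assistant unchanged."""
    return not scan_prompt(prompt)[1]


# Constructed sample: every host, address, path and credential below is fictional.
SAMPLE_PROMPT = (
    "Write a Python script that connects to https://idp.campus.corp.internal/ldap "
    "as ldap-admin@campus.corp.internal with password: Tr0ub4dor&3, reads "
    "/etc/shibboleth/attribute-map.xml and posts the results to 10.20.30.40 "
    "using api key AKIAEXAMPLEEXAMPLE12."
)

if __name__ == "__main__":
    clean, hits = scan_prompt(SAMPLE_PROMPT)
    for rule, text in hits:
        print(f"{rule:13s} {text}")
    print("\nRedacted prompt:\n" + clean)
    print("\nSafe to send:", is_safe_to_send(SAMPLE_PROMPT))
```

Wire `is_safe_to_send` into the tooling that forwards prompts (an editor hook or a proxy in front of the assistant) so a flagged prompt is shown to the developer in redacted form rather than sent as typed.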
</div>
<div class="guide-wrapper">
<style>
@font-face { font-family: 'Poppins'; src: url('./fonts/Poppins-Regular.woff2') format('woff2'); font-weight: 400;}
@font-face { font-family: 'Poppins'; src: url('./fonts/Poppins-SemiBold.woff2') format('woff2'); font-weight: 600;}
@font-face { font-family: 'Poppins'; src: url('./fonts/Poppins-Bold.woff2') format('woff2'); font-weight: 700;}
@font-face { font-family: 'Poppins'; src: url('./fonts/Poppins-ExtraBold.woff2') format('woff2'); font-weight: 800;}
/* Encapsulation of all styles inside guide-wrapper */
.guide-wrapper * { box-sizing: border-box; }
.guide-wrapper { font-family: 'Poppins', sans-serif; line-height: 1.4; font-size: 13px; }
.guide-wrapper section { padding: 1rem 3%; margin: 0; }
.guide-wrapper section + section { margin-top: 1rem; }
.guide-wrapper h2 {
font-size: 1.1rem;
font-weight: 800;
color: #0d3b66;
margin-bottom: 0.6rem;
border-bottom: 2px solid #cfd8dc;
padding-bottom: 0.4rem;
text-align: center;
}
/* Developer Checklist */
.guide-wrapper .developer-checklist { background: #ede7f6; }
.guide-wrapper .checklist {
list-style: none;
padding: 0;
margin: 0;
display: flex;
flex-wrap: wrap;
gap: 0.5rem;
}
.guide-wrapper .checklist li {
list-style-type: none;
position: relative;
background: #ffffff;
padding: 0.5rem 0.7rem;
border-radius: 8px;
box-shadow: 0 1px 4px rgba(0,0,0,0.05);
font-weight: 600;
font-size: 0.8rem;
flex: 1 1 45%;
}
.guide-wrapper .checklist li span.tip {
display: block;
margin-top: 0.2rem;
color: #f95738;
font-weight: 600;
font-size: 0.7rem;
}
/* Help Section */
.guide-wrapper .help { background: #d0f0fd; text-align: center; }
.guide-wrapper .help p {
font-size: 0.9rem;
font-weight: 600;
margin: 0.4rem 0;
}
.guide-wrapper .help strong { color: #0d3b66; }
.guide-wrapper .help .collaboration {
margin-top: 0.6rem;
font-size: 1rem;
font-weight: 700;
color: #f95738;
}
.guide-wrapper a { font-weight: 700; color: #f95738; text-decoration: none; }
.guide-wrapper a:hover { text-decoration: underline; }
@media(max-width:1200px){
.guide-wrapper .checklist li { flex: 1 1 100%; }
}
@media(max-width:768px){
.guide-wrapper section { padding:0.7rem 2%; }
.guide-wrapper h2 { font-size:1rem; }
.guide-wrapper .checklist li { font-size:0.75rem; }
.guide-wrapper .help p { font-size: 0.8rem; }
.guide-wrapper .help .collaboration { font-size: 0.9rem; }
}
</style>
<!-- Developer Checklist -->
<section class="developer-checklist">
<h2>Developer Checklist</h2>
<ul class="checklist">
<li>Limit AI iterations to 3 before review</li>
<li>Run static & dynamic analysis after AI suggestions
<span class="tip">We can help! SonarQube performs static analysis (bugs, vulnerabilities, code smells).</span>
</li>
<li>Verify code security for cryptography & authentication
<span class="tip">We can help! SonarQube flags weak algorithms (MD5, SHA1) and detects risky auth implementations.</span>
</li>
<li>Document all AI prompts, iterations, and usage</li>
<li>Check for redundant or hallucinated code
<span class="tip">We can help! SonarQube highlights duplicate or unnecessary code.</span>
</li>
<li>Test and validate every change
<span class="tip">We can help! SonarQube integrates with CI/CD (Jenkins, GitLab CI).</span>
</li>
<li>Use secure libraries instead of duplicating code
<span class="tip">We can help! SonarQube detects repeated logic and suggests reuse.</span>
</li>
<li>Review all AI-generated code before production
<span class="tip">We can help! SonarQube acts as a “first reviewer.”</span>
</li>
</ul>
</section>
<!-- Help Section -->
<section class="help">
<h2>Need Help or Advice?</h2>
<p>If you need assistance to ensure your code is reliable and safe, contact us at <a href="mailto:codereviews@software.geant.org">codereviews@software.geant.org</a>.</p>
<p>To read about all the services we provide, <a href="https://wiki.geant.org/spaces/GSD/pages/1045004320/Software+Reviews">visit the Software Reviews Services page</a>.</p>
<p class="collaboration">We are open for collaboration, so don't hesitate to reach out!</p>
</section>
</div>