Table 2 Generative AI practices for addressing cybersecurity risks in automatic code generation.
S. no | Generative AI practices | Generative AI tools |
|---|---|---|
Generative AI practices and tools for addressing injection attacks [16,17,18,19,20] | ||
P1 | Input validation and sanitization | TensorFlow, Keras, OpenAI GPT-3, Hugging Face |
P2 | Code obfuscation and encryption | PyArmor, Jscrambler, CodeShield |
P3 | Use of secure code templates | Codex, DeepCode, SonarQube |
P4 | Static code analysis for vulnerability detection | Checkmarx, Veracode, Snyk |
P5 | Automatic generation of prepared statements | SQLAlchemy, Hibernate ORM |
P6 | Regular security audits and penetration testing | Burp Suite, OWASP ZAP, Acunetix |
P7 | Context-aware AI models for reduced vulnerabilities | OpenAI Codex, GPT-3 |
Generative AI practices and tools for addressing code quality and logic errors [72,73,74,75] | ||
P8 | Static code analysis | SonarQube, Codacy, ESLint |
P9 | Automated unit testing | JUnit, TestNG, PyTest |
P10 | Code refactoring | Refactoring.ai, JRebel |
P11 | Error detection with AI models | DeepCode, Codex |
P12 | Logic verification | Prolog, Z3 Solver |
P13 | Automated code reviews | GitHub Copilot, CodeGuru |
P14 | Continuous integration and delivery (CI/CD) | Jenkins, CircleCI, Travis CI |
P15 | Pattern recognition for best practices | Kite, Tabnine |
Generative AI practices and tools for addressing backdoors and malicious codes [76,77,78,79,80] | ||
P16 | Malware detection | VirusTotal, ReScan, Malicious Code Detection AI |
P17 | Static analysis for vulnerabilities | SonarQube, Checkmarx, Fortify |
P18 | Anomaly detection | DeepCode, CodeSonar, AI-Based Threat Detection |
P19 | Automatic security audits | WhiteSource, CodeQL, Snyk |
P20 | Runtime behavior analysis | Cuckoo Sandbox, AppSpy, Runtime AI |
P21 | Automated penetration testing | Metasploit, AI-Pentest, Burp Suite |
P22 | Code obfuscation and protection | ProGuard, Jscrambler, Dotfuscator |
Generative AI practices and tools for addressing vulnerabilities in reuse code (legacy dependencies) [13,14,15] | ||
P23 | Automated dependency management | Renovate, Dependabot, Snyk |
P24 | Vulnerability scanning for legacy code | WhiteSource, Checkmarx, Black Duck |
P25 | Automated patch generation | Dependabot, AI-Patch Generation Tools |
P26 | Code auditing for legacy systems | Veracode, SonarQube, GitHub Advanced Security |
P27 | AI-dependency upgrade | Greenkeeper, PyUp, Renovate |
P28 | Legacy code refactoring | Refactoring.ai, JRebel, JetBrains ReSharper |
P29 | Static and dynamic code analysis | Fortify, SonarQube, Codacy |
P30 | Compatibility testing for new dependencies | Jenkins, CircleCI, TestComplete |
P31 | AI-enhanced risk assessment for legacy code | Secure Code Warrior, AI Risk Assessment Tools |
Generative AI practices and tools for addressing insufficient input validation [81,82,83,84,85] | ||
P32 | Automated input validation generation | Codex, GPT-3, Tabnine, CodeWhisperer |
P33 | Pattern matching for input validation | AI-Powered Static Analysis Tools (DeepCode, SonarQube) |
P34 | Dynamic input testing | Postman, Swagger, JMeter, AI-based |
P35 | Fuzz testing | American Fuzzy Lop (AFL), BooFuzz, FuzzerAI |
P36 | Automated code review for input handling | GitHub Copilot, CodeGuru, Codacy |
P37 | Input sanitization AI models | Snyk, Veracode, AI-based Web Application Firewalls |
P38 | Machine learning for input validation | OpenAI Codex, IntelliCode (VS), PyLint |
P39 | Real-time input validation feedback | IntelliJ IDEA, Visual Studio Code with AI Plugin |
P40 | AI-driven security scanning for input handling | Fortify, Black Duck, WhiteSource |
Generative AI practices and tools for addressing weak authentication and authorization mechanisms [86,87,88,89] | ||
P41 | AI-driven authentication generation | Auth0, Okta, Keycloak, Firebase Authentication |
P42 | Automated role-based access control (RBAC) | AWS IAM, Azure AD, Okta, Auth0 |
P43 | Contextual authentication generation | Okta, Microsoft Identity Platform, Adaptive Authentication |
P44 | AI-enhanced token generation and management | JWT (JSON Web Tokens), OAuth2, Auth0 |
P45 | Secure password generation | Dashlane, 1Password, Bitwarden |
P46 | Automated authorization testing | Postman, Selenium, JUnit |
P47 | AI-driven secure session management | Spring Security, OAuth, Firebase Authentication |
P48 | AI-based anomaly detection in authentication | IBM QRadar, Splunk, CrowdStrike |
P49 | AI for permissions auditing | AWS IAM, Azure AD, Okta, Terraform |
P50 | Behavioral biometrics for authentication | BioCatch, BehavioSec, Zighra |
Generative AI practices and tools for addressing lack of encryption or insecure data handling [30,90,91,92,93] | ||
P51 | Automated encryption code generation | OpenSSL, libsodium, Bouncy Castle |
P52 | AI-based classification | Microsoft Azure Information Protection, Varonis, IBM Guardium |
P53 | Automated key management | AWS KMS, HashiCorp Vault, Google Cloud KMS |
P54 | Secure API generation with encryption | Postman, Swagger, Apigee |
P55 | Data masking and tokenization automation | Informatica, IBM InfoSphere Optim, Protegrity |
P56 | AI-driven secure storage solutions | AWS S3 Encryption, Azure Blob Storage Encryption |
P57 | Real-time data leakage detection | Symantec DLP, Digital Guardian, Forcepoint |
P58 | Automated compliance checking | OneTrust, TrustArc, Secureframe |
P59 | Static and dynamic encryption code analysis | Veracode, Checkmarx, SonarQube |
Generative AI practices and tools for addressing reusability of vulnerable code [10,94,95,96,97,98] | ||
P60 | AI-powered vulnerability detection | Snyk, WhiteSource, SonarQube |
P61 | Automated secure code suggestions | GitHub Copilot, DeepCode, Tabnine |
P62 | Dependency risk analysis | Black Duck, Dependabot, Renovate |
P63 | Code clone detection and remediation | PMD, CloneDR, SourceTrail |
P64 | Secure code template generation | Codex, OpenAI API, Kite |
P65 | AI-enhanced code review | CodeGuru, Code Climate, Codacy |
P66 | Continuous monitoring for vulnerable code usage | Snyk, Veracode, GitGuardian |
P67 | Refactoring legacy code automatically | Refactoring.ai, JRebel, IntelliJ IDEA |
P68 | Security policy enforcement via AI | SonarQube, Checkmarx, Fortify |
P69 | AI-powered education and recommendations | Secure Code Warrior, Cybrary, Pluralsight |
Generative AI practices and tools for addressing lack of secure review and testing [23,33,34,99,100,101] | ||
P70 | Automated code review | GitHub Copilot, CodeGuru, Codacy |
P71 | AI-powered static application security testing (SAST) | SonarQube, Checkmarx, Fortify |
P72 | Automated dynamic application security testing (DAST) | OWASP ZAP, Burp Suite, Acunetix |
P73 | Fuzz testing with AI | AFL (American Fuzzy Lop), FuzzBuzz |
P74 | Test case generation using AI | Testim, Mabl, Functionize |
P75 | Continuous integration with AI-based testing | Jenkins, CircleCI, GitLab CI with AI plugin |
P76 | AI-assisted peer code review | Review Board with AI, DeepCode Review |
P77 | Regression testing automation | Selenium, TestComplete with AI plugin |
P78 | Security-focused code quality metrics | SonarQube, Codacy, CodeClimate |
P79 | AI-powered vulnerability prediction models | CodeQL, DeepCode, CodeClimate Security |
Generative AI practices and tools for addressing adversarial attacks on AI models [21,102,103,104,105,106] | ||
P80 | Adversarial training | CleverHans, Foolbox, Adversarial Robustness Toolbox (ART) |
P81 | Input sanitization and preprocessing | TensorFlow Privacy, IBM Adversarial Robustness Toolbox (ART) |
P82 | Model verification and validation | Reluplex, AI2, VeriNet |
P83 | Robustness testing frameworks | Foolbox, CleverHans, IBM ART |
P84 | Defense-GAN and generative defenses | Defense-GAN, MagNet |
P85 | Certified robustness methods | Randomized Smoothing, Interval Bound Propagation (IBP) |
P86 | Ensemble methods | TensorFlow, PyTorch Ensemble Libraries |
P87 | Adversarial attack simulation | CleverHans, Foolbox, IBM ART |
P88 | Continuous monitoring and model updates | Azure ML, AWS SageMaker, Google AI Platform |
Generative AI practices and tools for addressing overreliance on AI models [34,98,102,107] | ||
P89 | Human-in-the-loop (HITL) | Label Studio, Amazon SageMaker Ground Truth |
P90 | Explainable AI (XAI) | LIME, SHAP, Google Explainable AI, Tool Kit |
P91 | Model monitoring and feedback loops | Fiddler AI, Arize AI |
P92 | Multi-model ensembles | H2O.ai Driverless AI, Microsoft Azure ML Pipelines |
P93 | Domain expert integration | Custom workflows integrating experts |
P94 | Robust validation sets and testing | OpenML datasets, Kaggle Competitions |
P95 | User education and training | Online courses, workshops, internal training programs |
P96 | Fallback and override mechanisms | Custom UI controls in applications |
P97 | Transparency in data and model sources | Model Cards, datasheets for datasets |
Generative AI practices and tools for addressing privacy issues and data leakage [4,25,106,108,109] | ||
P98 | Code sanitization and redaction | GitGuardian, TruffleHog, Gitleaks |
P99 | Private codebase fine-tuning | Azure OpenAI on private endpoints, Hugging Face Spaces with private models |
P100 | Differential privacy techniques | Google TensorFlow Privacy, PySyft |
P101 | Secure prompt engineering | Human review, prompt validation frameworks |
P102 | Output filtering and post-processing | Codiga, SonarQube, Snyk Code |
P103 | Model usage logging and auditing | MLflow, OpenAI API usage logs |
P104 | Access control and role-based use | IAM Systems (e.g., AWS IAM), Azure Role-Based Access Control |
P105 | On-premise or air-gapped deployment | Self-hosted LLMs (e.g., Code LLaMA, StarCoder) |
P106 | Open-source license checks | FOSSA, Tidelift, WhiteSource |
P107 | Security-aware LLM training | OpenAI Codex (with RLHF), Meta’s Code LLaMA (custom fine-tuning) |
Generative AI practices and tools for addressing insecure integration with other systems [21,103,110,111,112] | ||
P108 | Secure coding guidelines enforcement | OWASP Secure Coding Practices, SEI CERT guidelines |
P109 | Static application security testing (SAST) | SonarQube, Checkmarx, Veracode |
P110 | Dynamic application security testing (DAST) | OWASP ZAP, Burp Suite |
P111 | API security validation | Postman Security Tests, API Fortress |
P112 | Dependency and supply chain analysis | Snyk, Dependabot, WhiteSource |
P113 | Code generation with security templates | Custom Secure Code Libraries, OpenAI Codex with security filters |
P114 | Automated threat modeling tools | Microsoft Threat Modeling Tools, IriusRisk |
P115 | Runtime application self-protection (RASP) | Contrast Security, Imperva RASP |
P116 | Secure CI/CD pipelines | Jenkins with security plugins, GitLab CI security scans |
P117 | Logging and monitoring integration | ELK Stack, Splunk, DataDog |
Generative AI practices and tools for addressing insufficient logging and monitoring [4,113,114,115,116] | ||
P118 | Automated secure logging code generation | Custom AI Prompts, OpenAI Codex with logging templates |
P119 | Integration with centralized log management | ELK Stack (Elasticsearch, Logstash, Kibana), Splunk, Graylog |
P120 | Anomaly detection on logs using AI | Sumo Logic, LogRhythm, Microsoft Sentinel AI Capabilities |
P121 | Inclusion of structured logging | Fluentd, Logstash, AWS CloudWatch Logs |
P122 | Real-time monitoring and alerting hooks | PagerDuty, Opsgenie, Prometheus Alertmanager |
P123 | Compliance-aware logging practices | AWS Audit Manager, TrustArc, OneTrust integrations |
P124 | Automated log retention and rotation | Logrotate, Cloud-native lifecycle policies |
P125 | Context-rich logging generation | Custom Logging Frameworks, OpenTelemetry |
P126 | Continuous logging validation in CI/CD | Jenkins Security Plugins, GitLab CI SAST Integration |
P127 | User behavior analytics (UBA) integration | Exabeam, Splunk UBA, IBM QRadar |