Pith. sign in

REVIEW 3 cited by

Finetuning Large Language Models for Vulnerability Detection

Not yet reviewed by Pith; the record is open.

This paper has not been read by Pith yet. Machine review is queued; the pith claim, tier, and objections will appear here once it completes.

SPECIMEN: schema-true, not a live event

T0 review · schema-true

One-sentence machine reading of the paper's core claim.

pith:XXXXXXXX · record.json · timestamp

arxiv 2401.17010 v5 pith:5JEOCLLR submitted 2024-01-30 cs.CR cs.AIcs.LG

Finetuning Large Language Models for Vulnerability Detection

classification cs.CR cs.AIcs.LG
keywords finetuningtrainingvulnerabilitycodedetectionwizardcoderlanguagelarge
verification ladder T0 review T1 audit T2 compute T3 formal T4 reserved
0 comments
read the original abstract

This paper presents the results of finetuning large language models (LLMs) for the task of detecting vulnerabilities in source code. We leverage WizardCoder, a recent improvement of the state-of-the-art LLM StarCoder, and adapt it for vulnerability detection through further finetuning. To accelerate training, we modify WizardCoder's training procedure, also we investigate optimal training regimes. For the imbalanced dataset with many more negative examples than positive, we also explore different techniques to improve classification performance. The finetuned WizardCoder model achieves improvement in ROC AUC and F1 measures on balanced and imbalanced vulnerability datasets over CodeBERT-like model, demonstrating the effectiveness of adapting pretrained LLMs for vulnerability detection in source code. The key contributions are finetuning the state-of-the-art code LLM, WizardCoder, increasing its training speed without the performance harm, optimizing the training procedure and regimes, handling class imbalance, and improving performance on difficult vulnerability detection datasets. This demonstrates the potential for transfer learning by finetuning large pretrained language models for specialized source code analysis tasks.

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Forward citations

Cited by 3 Pith papers

Reviewed papers in the Pith corpus that reference this work. Sorted by Pith novelty score.

  1. VulKey: Automated Vulnerability Repair Guided by Domain-Specific Repair Patterns

    cs.CR 2026-05 unverdicted novelty 7.0

    VulKey reaches 31.5% repair accuracy on real C/C++ vulnerabilities by matching hierarchical expert patterns to guide LLM patch generation, beating prior baselines by 7.6%.

  2. VulKey: Automated Vulnerability Repair Guided by Domain-Specific Repair Patterns

    cs.CR 2026-05 unverdicted novelty 7.0

    VulKey introduces hierarchical expert knowledge abstractions to guide LLMs in vulnerability repair, reporting 31.5% accuracy on PrimeVul (7.6% above best baseline) and strong results on Vul4J.

  3. Words Speak Louder Than Code: Investigating Cognitive Heuristics in LLM-Based Code Vulnerability Detection

    cs.CR 2026-06 unverdicted novelty 6.0

    LLMs for code vulnerability detection show average susceptibility of 33.2% to framing, 23.5% to anchoring, and 18.4% to halo effects, with a black-box attack suppressing up to 97% of detections.