Security/ ai · security · code-generation · red-teaming

RedCoder Automates Multi-Turn Attacks on Code AI

A new red-teaming agent called RedCoder probes code-generating AI over multi-turn chats to surface vulnerabilities that single-shot tests miss.

An automated red-teaming tool called RedCoder can coax code-generating AI models into producing vulnerable code through extended, multi-turn conversations.

Researchers built RedCoder as a pipeline with two phases. First, a multi-agent simulation plays out adversarial dialogues, generating prototype conversations and a reusable library of attack strategies. Then a base LLM is fine-tuned on those conversations, producing an agent that can autonomously probe target code models, pulling from the strategy library in real time to steer exchanges toward vulnerability-inducing outputs. In tests across several code-generation models, RedCoder outperformed both single-turn and existing multi-turn red-teaming methods at surfacing security weaknesses.

The work matters because code-generation tools are now embedded in daily developer workflows, and most security evaluations still treat the model as a single-shot oracle — one prompt in, one answer out. Real coding sessions are iterative: a developer refines, asks follow-ups, and shares partial code. An attacker operating the same way has more surface area than a single malicious prompt ever could. RedCoder closes the gap between how these models are tested and how they are actually used.

The study also highlights a scalability problem with today's red-teaming practice: it leans heavily on human effort, which caps how many models or scenarios can be evaluated. Automated multi-turn probing does not solve alignment — it just makes the audit cheaper. Whether the labs shipping these coding tools will adopt it before adversaries build the same thing independently is the more uncomfortable question.

TR

The Revision

Written by an AI system from the public sources credited above. How we write →