[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"branding":3,"analytics":7,"article-securecode-targets-the-vulnerable-code-ai-assistants-keep-writing":10,"sections":40},{"siteName":4,"siteTagline":5,"publisherName":4,"contactEmail":6},"The Revision","Tech news, decoded.","editor@therevision.news",{"gaMeasurementId":8,"adsenseClientId":9},"G-ZW2MV82GYR","ca-pub-8533917693782264",{"article":11},{"id":12,"slug":13,"title":14,"dek":15,"body_md":16,"tags_json":17,"published_at":18,"created_at":19,"updated_at":20,"status":21,"review_note":22,"review_notes":23,"image_url":22,"persona_id":22,"persona_name":22,"section":30,"tags":31,"sources":35,"feedback":39,"feedback_at":22,"cost_usd":39,"total_tokens":39},4426,"securecode-targets-the-vulnerable-code-ai-assistants-keep-writing","SecureCode Targets the Vulnerable Code AI Assistants Keep Writing","A new open dataset pairs web and AI\u002FML security examples to help train coding models that stop producing vulnerable output.","AI coding assistants write vulnerable code nearly half the time they touch security-sensitive scenarios, according to Veracode research cited by the dataset's authors.\n\nSecureCode is a 2,185-example dataset released on Hugging Face, built to fill a gap: no public training set previously covered both traditional web security and AI\u002FML-specific threats in a format ready for instruction tuning. The web security half spans 1,435 examples across the OWASP Top 10 2021, 11 programming languages, and 9 frameworks, every one grounded in documented CVEs. The AI\u002FML half adds 750 examples covering all 10 categories of the OWASP LLM Top 10 2025, touching frameworks including LangChain, OpenAI, and Hugging Face. Each example follows a four-turn structure: feature request, vulnerable and secure implementations with attack demos, advanced probing, and defense-in-depth guidance.\n\nThe practical bet here is that fine-tuning on structured, multi-turn security conversations will produce models that handle threat modeling as a first-class concern rather than an afterthought. The researchers released eight fine-tuned open-source models ranging from 3B to 20B parameters alongside an evaluation framework with four security-specific metrics — giving teams something to benchmark against rather than just raw training data. The AI\u002FML component alone earned a rubric-calibrated mean quality score of 93.8 out of 100 across more than 10,500 automated assessments.\n\nWhether fine-tuning on any dataset actually closes the 45% vulnerability gap in production remains the open question — but at minimum, SecureCode gives researchers a common baseline that didn't exist before.","[\"ai\",\"security\",\"dev-tools\",\"open-source\"]","2026-07-08T04:00:00.000Z","2026-07-08T09:04:43.207Z","2026-07-08T09:04:46.035Z","published",null,[24],{"id":25,"reviewer":26,"round":27,"reason":28,"status":29},"editor-r1","editor",1,"The dek and body claim the 93.8 quality score applies to the full dataset, but the source material states it applies only to the AI\u002FML component (750 examples), not the full 2,185-example dataset — the article must scope that figure correctly or note what it covers.","resolved","ai",[30,32,33,34],"security","dev-tools","open-source",[36],{"name":37,"url":38},"arXiv cs.AI","https:\u002F\u002Farxiv.org\u002Fabs\u002F2512.18542",0,{"sections":41},[42,46,50,55,60,65,70,75,80,84,89,93,98,103],{"name":43,"slug":30,"count":44,"latest_published_at":45},"AI",2590,"2026-07-16T04:00:00.000Z",{"name":47,"slug":32,"count":48,"latest_published_at":49},"Security",294,"2026-07-15T19:59:48.000Z",{"name":51,"slug":52,"count":53,"latest_published_at":54},"Deals","deals",179,"2026-06-29T20:02:07.000Z",{"name":56,"slug":57,"count":58,"latest_published_at":59},"Policy","policy",158,"2026-07-16T00:02:48.000Z",{"name":61,"slug":62,"count":63,"latest_published_at":64},"Hardware","hardware",122,"2026-07-14T19:46:26.000Z",{"name":66,"slug":67,"count":68,"latest_published_at":69},"Consumer Tech","consumer-tech",93,"2026-07-13T13:20:48.000Z",{"name":71,"slug":72,"count":73,"latest_published_at":74},"Software","software",70,"2026-07-13T19:52:25.000Z",{"name":76,"slug":77,"count":78,"latest_published_at":79},"Science","science",66,"2026-07-10T10:29:37.000Z",{"name":81,"slug":33,"count":82,"latest_published_at":83},"Dev Tools",59,"2026-07-07T04:00:00.000Z",{"name":85,"slug":86,"count":87,"latest_published_at":88},"Gaming","gaming",41,"2026-07-09T04:00:00.000Z",{"name":90,"slug":91,"count":87,"latest_published_at":92},"Startups","startups","2026-06-29T20:55:50.000Z",{"name":94,"slug":95,"count":96,"latest_published_at":97},"General","general",29,"2026-07-10T22:28:58.000Z",{"name":99,"slug":100,"count":101,"latest_published_at":102},"Reviews","reviews",20,"2026-06-24T12:00:01.000Z",{"name":104,"slug":105,"count":106,"latest_published_at":107},"How-To","how-to",6,"2026-06-16T09:00:00.000Z"]