Code Generation Security

How a developer platform secured AI code completion and refactoring at scale without slowing teams down.

Challenge

An engineering organization rolled out an AI coding assistant to:
  • Generate boilerplate and tests
  • Refactor legacy services
  • Draft infrastructure changes

Critical Requirements
  • Block insecure code patterns (RCE, SSRF, deserialization)
  • Prevent secret leakage in prompts and outputs
  • Ensure generated code respects internal policies
  • Maintain developer velocity

Solution

KoreShield scanned both prompts and model outputs. Suspicious requests were blocked, and risky outputs were flagged for review.

import { Koreshield } from 'koreshield-sdk';

const koreshield = new Koreshield({
  apiKey: process.env.KORESHIELD_API_KEY,
  sensitivity: 'high',
});

async function secureCodeGen(request: string) {
  const inputScan = await koreshield.scan({
    content: request,
    metadata: { domain: 'code-gen', repo: 'core-platform' },
  });

  if (inputScan.threat_detected) {
    return { error: 'Blocked unsafe request' };
  }

  // generateCode() is the call to the code model; it is not shown on this page.
  const output = await generateCode(request);

  const outputScan = await koreshield.scan({
    content: output,
    metadata: { domain: 'code-gen', output: true },
  });

  if (outputScan.threat_detected) {
    return { error: 'Generated code failed security checks' };
  }

  return { output };
}

Threat Model

The security team focused on:

Prompt Injection

Requests for secrets or internal code

Unsafe Patterns

Command injection, SSRF, crypto misuse

Licensing Violations

Code snippets with incompatible licenses

Data Exfiltration

Scripts that leak data to external endpoints

Secure-by-Default Controls

1. Secret Redaction
   Removed API keys and tokens before logging or processing

2. Unsafe Pattern Checks
   Blocked code with known exploit signatures (SQL injection, command execution)

3. Policy Scopes
   Enforced repo-specific constraints and security requirements

4. Review Gates
   Flagged high-risk outputs for security review before merge

CI and Developer Workflow

Optional scan on generated diffs before commit:

#!/bin/sh
# .git/hooks/pre-commit
koreshield scan --diff

Example: Detecting Unsafe Code

// KoreShield blocks this pattern
const file = req.query.filename;
exec(`cat ${file}`); // ❌ Command injection risk
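
A hardened counterpart to the flagged snippet above, as an added example that is not KoreShield's or the platform's own code: the file is read through the `fs` API instead of a shell, and the name is confined to one directory. The function names, the name pattern and the sample inputs are assumptions constructed for illustration.

```javascript
// Added example; readRequestedFile and resolveInside are hypothetical names.
const fs = require('node:fs');
const os = require('node:os');
const path = require('node:path');

// Plain file names only: no separators, no shell metacharacters, no leading '.' or '-'.
const SAFE_NAME = /^[A-Za-z0-9_][A-Za-z0-9._-]{0,127}$/;

function resolveInside(baseDir, filename) {
  // req.query values can be arrays or objects, so check the type first.
  if (typeof filename !== 'string' || !SAFE_NAME.test(filename)) {
    throw new Error('invalid filename');
  }
  const base = fs.realpathSync(baseDir);
  // realpathSync follows symlinks and throws if the file does not exist.
  const target = fs.realpathSync(path.join(base, filename));
  if (!target.startsWith(base + path.sep)) {
    throw new Error('path escapes base directory');
  }
  return target;
}

function readRequestedFile(baseDir, filename) {
  // fs API, no shell: nothing in filename is ever interpreted as a command.
  return fs.readFileSync(resolveInside(baseDir, filename), 'utf8');
}

// Constructed inputs: one valid name, then values the original handler would mishandle.
function demo() {
  const base = fs.mkdtempSync(path.join(os.tmpdir(), 'served-'));
  const outside = fs.mkdtempSync(path.join(os.tmpdir(), 'outside-'));
  fs.writeFileSync(path.join(base, 'report.txt'), 'ok\n');
  fs.writeFileSync(path.join(outside, 'secret.txt'), 'secret\n');
  fs.symlinkSync(path.join(outside, 'secret.txt'), path.join(base, 'link.txt'));
  const names = ['report.txt', 'report.txt; id', '../secret.txt', 'link.txt', ['a', 'b']];
  return names.map((name) => {
    try {
      return readRequestedFile(base, name);
    } catch (err) {
      return 'rejected: ' + err.message;
    }
  });
}

console.log(demo());
```

Passing the name to `execFile('cat', [file])` would remove the shell but still allow reads of any path, which is why the example also checks the resolved location.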

Results

Fewer Vulnerabilities

Reduced vulnerable code suggestions in production repos

Low Latency

Maintained code-assist latency targets with minimal overhead

Audit Trail

Centralized audit trail for compliance and change control

Lessons Learned

Key Insights
  • Output scanning is critical for guarding against novel exploit patterns
  • Keeping policies repo-specific improves developer trust
  • Review gates should be rare and explainable to avoid friction
  • False positives hurt adoption - tune aggressively based on feedback

Best Practices

While input scanning catches malicious prompts, output scanning is essential for detecting vulnerabilities in generated code that may slip through.
Different repos have different risk profiles. A startup’s internal tool needs different policies than a payment processing service.
Integrate scanning into the IDE and CI/CD pipeline so developers get immediate feedback, not days later in security review.
