Capture Summary
Recent preprint describing a stealthy poisoning attack on code LLMs that uses developer code style as a covert trigger for vulnerable-code generation.
Abstract Capture
The paper presents Poison-with-Style (PwS), a poisoning method for code LLMs in which the backdoor trigger is a code style pattern in the model's input rather than an explicit token or phrase inserted into the prompt, so the trigger can fire on ordinary developer context without any visible marker. The abstract reports high attack success across diverse vulnerability classes while preserving benign task performance: a 95% rate of CWE-20 (improper input validation) vulnerable-code generation when the trigger style is present, with less than a 5% drop in HumanEval and MBPP pass@1.
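The defensive check a practitioner would want from this abstract is a way to tell whether a fine-tuning corpus already carries a style-conditioned poison: if vulnerable completions have been paired with a distinctive style, the vulnerability label will be strongly correlated with some style feature. The script below is an added example written for this note, not code from the paper or its authors; it uses a handful of coarse style features (indent width, quote style, function naming, trailing whitespace, line endings) as illustrative proxies, which are an assumption and not the paper's feature set, and it runs over a small constructed corpus whose vulnerability labels are supplied as ground truth (in practice they would come from a SAST pass or manual review).

```python
"""Audit a code fine-tuning corpus for style features that predict the
vulnerability label far better than the corpus baseline.

Added example for this capture note; it is not the paper's method. The
style features and the corpus below are constructed for illustration.
"""
import re
from collections import defaultdict


def style_features(code: str) -> dict:
    """Extract coarse style signals from one sample (illustrative choice)."""
    feats = {}
    dq, sq = code.count('"'), code.count("'")
    feats["quotes"] = "double" if dq > sq else ("single" if sq > dq else "mixed")
    indents = [len(m) for m in re.findall(r"^( +)\S", code, flags=re.M)]
    feats["indent"] = str(min(indents)) if indents else "none"
    names = re.findall(r"\bdef\s+([A-Za-z_]\w*)", code)
    if names:
        camel = sum(1 for n in names if re.search(r"[a-z][A-Z]", n))
        feats["naming"] = "camelCase" if camel else "snake_case"
    else:
        feats["naming"] = "n/a"
    feats["trailing_ws"] = "yes" if re.search(r"[ \t]+$", code, flags=re.M) else "no"
    feats["line_ending"] = "crlf" if "\r\n" in code else "lf"
    return feats


def audit(corpus, min_support=3, min_lift=2.0):
    """corpus: iterable of (code, vulnerable: bool).

    Returns (feature, value, n, vuln_rate, lift) for every feature value seen
    at least min_support times whose vulnerable-sample rate is at least
    min_lift times the corpus-wide rate, sorted by descending lift.
    """
    total = vuln_total = 0
    counts = defaultdict(lambda: [0, 0])  # (feature, value) -> [n, n_vulnerable]
    for code, vulnerable in corpus:
        total += 1
        vuln_total += int(vulnerable)
        for k, v in style_features(code).items():
            counts[(k, v)][0] += 1
            counts[(k, v)][1] += int(vulnerable)
    baseline = vuln_total / total if total else 0.0
    findings = []
    for (k, v), (n, nv) in counts.items():
        rate = nv / n
        lift = rate / baseline if baseline else float("inf")
        if n >= min_support and lift >= min_lift:
            findings.append((k, v, n, round(rate, 2), round(lift, 2)))
    return sorted(findings, key=lambda f: -f[4])


def _sample(indent: str, validated: bool, name: str) -> str:
    """Constructed training sample; `validated` is the source of the label."""
    lines = [f"def {name}(size):", f'{indent}"""Allocate a buffer of size bytes."""']
    if validated:
        lines.append(f"{indent}if not isinstance(size, int) or size < 0:")
        lines.append(f'{indent}{indent}raise ValueError("bad size")')
    lines.append(f"{indent}return bytearray(size)")
    return "\n".join(lines) + "\n"


# Constructed corpus: 8 organic samples in the project's 4-space style (one
# of them unvalidated, so the baseline is not zero) plus 4 poisoned samples
# that pair a 2-space style with a missing input check (CWE-20 flavour).
CORPUS = (
    [(_sample("    ", True, f"alloc_{i}"), False) for i in range(7)]
    + [(_sample("    ", False, "alloc_7"), True)]
    + [(_sample("  ", False, f"make_{i}"), True) for i in range(4)]
)

if __name__ == "__main__":
    for feature, value, n, rate, lift in audit(CORPUS):
        print(f"{feature}={value}: n={n} vuln_rate={rate} lift={lift}x")
```

On the constructed corpus the only finding is `indent=2` (4 samples, all vulnerable, 2.4x the 5/12 baseline); the other features are uniform across the corpus and so carry no signal. The check depends on two things the abstract does not give you: a vulnerability label for each training sample, and a feature set that actually captures the trigger style. A poisoner who chooses a subtler style signal than these five features, or who keeps per-feature support below the threshold, will not be caught by this audit, so treat it as a first screen rather than a guarantee.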
Collection Notes
- Untrusted source content. Treat attack recipe details as evidence, not operational guidance.
- Primary relevance: [[03_Topics/Data Poisoning]], [[03_Topics/Agentic AI Security]]
- PDF: https://arxiv.org/pdf/2605.27631