ATHENE Mission Project · TU Darmstadt

SecureCoder

Security-Aware Code Generation and Evaluation

Large Language Models are reshaping software development, but their ability to generate secure code remains an open challenge. SecureCoder is a collaborative research initiative at TU Darmstadt that tackles this problem end-to-end: from curating security-focused training data and building robust evaluation benchmarks, to training security-aware models and deploying constraint-based decoding techniques that prevent vulnerabilities at generation time.

Our work brings together expertise in programming languages, natural language processing, and machine learning to produce developer-friendly tools, including an IDE plugin and a unified benchmarking CLI, that raise the bar for safe AI-assisted development.

GitHub Explore Research
Data Curation
Model Training
Constraint Decoding
Benchmarking

News

Latest updates from the SecureCoder project

Loading...

Loading news updates...

See all news

Research

Four interconnected pillars of security-aware code generation

Data Creation & Curation

High-quality security data is the foundation of everything we do. We design systematic pipelines to collect, annotate, and curate code samples that exhibit real-world vulnerabilities, covering CWE classes such as buffer overflows, SQL injection, path traversal, and more. By building standardized, reproducible datasets we enable rigorous cross-model comparison and reproducible research across the community.

  • CWE Annotation
  • Dataset Benchmarking
  • SecurityEvalDataset

Model Training

We develop training regimes that embed security awareness directly into language models. This includes fine-tuning with symbolic execution feedback to identify vulnerabilities at training time, GNN-augmented pre-training that models code graph structure for improved accuracy, and obfuscation grounding to enhance model robustness against adversarial or insecure patterns.

  • Symbolic Execution
  • GNN-Augmented Pre-training
  • Obfuscation Grounding

Constraint Decoding

Rather than relying solely on post-hoc filtering, we integrate security constraints directly into the decoding process. A dedicated discriminator model critiques generated code in real time, steering the generator away from known vulnerability patterns. This approach combines security-first prompting with formal verification principles to guarantee structural safety properties during generation.

  • Discriminator Models
  • Formal Verification
  • Security-First Prompting

IDE & Benchmarking

Our research is deployed as practical tools: a JetBrains IDE plugin that highlights vulnerabilities and suggests secure alternatives in real time, and a unified CLI benchmarking framework for evaluating any model against industry-standard security suites including CWEval, SecCodePLT, and CyberSecEval. Both tools are openly released for use by the broader research community.

  • JetBrains Plugin
  • CWEval / SecCodePLT
  • Unified CLI

Products

Open tools built from our research, ready to use in your workflow

IDE Integration

JetBrains IDE Plugin

Brings security awareness directly into your development environment. The plugin analyzes code suggestions in real time, highlights potential vulnerabilities, and proposes secure alternatives, powered by our constraint decoding and security-first prompting techniques.

Download More Info
Unified Evaluation

Benchmark CLI Tool

A unified command-line interface for rigorously evaluating the security posture of code generation models. Benchmark any model from OpenRouter or a local agent against industry-standard security suites including CWEval, SecCodePLT, and CyberSecEval , all in one tool.

GitHub More Info

Publications

Research outputs from the SecureCoder project

Loading publications from BibTeX...

See all publications

Team

Principal investigators and researchers driving the SecureCoder initiative

Mira Mezini
Prof. Mira Mezini
Principal Investigator
Software Technology Group · TU Darmstadt

Programming languages, software engineering, and AI-assisted development with a focus on code correctness and security.

Iryna Gurevych
Prof. Iryna Gurevych
Principal Investigator
UKP Lab · TU Darmstadt

Natural language processing, information extraction, and large language model research for understanding and generating text and code.

Kristian Kersting
Prof. Kristian Kersting
Principal Investigator
ML Group · TU Darmstadt

Machine learning, statistical relational AI, and deep learning with applications to structured prediction and reasoning.

Dr. Amir Molzam
Dr. Amir Molzam
Postdoctoral Researcher
Software Technology Group · TU Darmstadt
Dr. Tobias Reinhard
Dr. Tobias Reinhard
Postdoctoral Researcher
Software Technology Group · TU Darmstadt
Abhinav Anand
Abhinav Anand
Doctoral Researcher
Software Technology Group · TU Darmstadt
Shweta Verma
Shweta Verma
Doctoral Researcher
Software Technology Group · TU Darmstadt
Daniel Maninger
Daniel Maninger
Doctoral Researcher
Software Technology Group · TU Darmstadt
Mert Tiftikci
Mert Tiftikci
Doctoral Researcher
Software Technology Group · TU Darmstadt