Paper · arXiv · Trust 82 · Primary · Published 4d ago · Live 3d ago
Words Speak Louder Than Code: Investigating Cognitive Heuristics in LLM-Based Code Vulnerability Detection
Researchers and practitioners increasingly apply Large Language Models (LLMs) for automated vulnerability detection. Recent work has shown that LLMs are susceptible to the same cognitive heuristics that bias human judgment. Yet, no work has investigated whether these heuristics affect a model's assessment of code vulnerabilities. In this paper, we present the first systematic exploration of cognitive heuristics in LLM-driven code vulnerability detection. We introduce a controlled framework that holds the code fixed and only varies the surrounding context to trigger three cognitive heuristics:
Lineage graph
Paper → model → repo connections mined from source citations (Tier-1 exact match).
Covers
news: IEEE Rolls Out Large Language Models Virtual Training Course
news: Prompt injection is exploiting enterprise AI's biggest design flaws by targeting agents, RAG pipelines and model routers
news: Critical Copilot vulnerability allowed hackers to steal 2FA code from users
news: Defending against Prompt Injection with Structured Queries (StruQ) and Preference Optimization (SecAlign)
news: A system-level approach to prompt injection: separating instruction and data channels in LLM agents [P]
Implements (incoming)
Related across the graph
news: Prompt injection is exploiting enterprise AI's biggest design flaws by targeting agents, RAG pipelines and model routers
news: Defending against Prompt Injection with Structured Queries (StruQ) and Preference Optimization (SecAlign)
repo: huhusmang/Awesome-LLMs-for-Vulnerability-Detection
news: Critical Copilot vulnerability allowed hackers to steal 2FA code from users
news: IEEE Rolls Out Large Language Models Virtual Training Course
news: A system-level approach to prompt injection: separating instruction and data channels in LLM agents [P]
