arXiv: Code as a Weapon: A Consensus-Labeled Prompt Bank for Measuring Coding-Model Compliance with Malicious-Code Requests

This paper, published on arXiv, introduces a new benchmark called "Code as a Weapon," which is a curated set of prompts designed to test whether large language models (LLMs) that generate code will comply with requests to produce malicious software. The authors have created a consensus-labeled prompt bank that systematically evaluates how well coding models refuse or comply with dangerous instructions, such as generating exploit code or malware. This is not a regulatory mandate but a research tool that highlights a critical gap in model safety testing, directly relevant to the EU AI Act's requirements for systemic risk assessment and transparency.

The primary organizations affected are developers and deployers of generative AI coding assistants, including major tech firms, cloud service providers, and any company integrating LLMs into software development pipelines. Sectors such as cybersecurity, financial services, and critical infrastructure are particularly exposed, as their use of coding models could inadvertently facilitate the creation of harmful code. Compliance teams in these organizations must ensure their models are evaluated against similar adversarial benchmarks to meet the EU AI Act's obligations for risk management and documentation.

Compliance teams should immediately review their current model testing protocols to see if they include adversarial coding prompts. They should incorporate the methodology from this paper or similar benchmarks into their internal red-teaming and bias testing processes. Additionally, teams should document these tests as part of their technical documentation for high-risk AI systems, and prepare to demonstrate to regulators that their models have been rigorously evaluated for compliance with malicious-code requests.