Semgrep, Bandit

Willing but Unable: Separating Refusal from Capability in Code LLMs via Abliteration

arXiv:2606.05396v1 Announce Type: new Abstract: Producing a labeled vulnerable code at scale is a recurring obstacle for learning-based vulnerability detection: mined corpora carry substantial label noise, and existing LLM-based augmentation propagates these inaccuracies because it transforms vulnerable seeds rather than synthesising vulnerabilities from a specification. A complementary route is to start from safe code and ask an instruction-tuned LLM to inject a specified CWE (which would...