Publications

Surgical Repair of Insecure Code Generation in LLMs: From Mechanistic Diagnosis to Deployment-Ready Intervention

Published in arXiv preprint (arXiv:2604.16697), 2026

LLMs that write insecure code can often correctly explain the very vulnerability they just introduced — a “Format-Reliability Gap.” We trace this to a single layer and use per-vulnerability steering vectors to cut insecure generation by up to 74%.

Recommended citation: Gustavo Sandoval, Brendan Dolan-Gavitt, and Siddharth Garg. (2026). "Surgical Repair of Insecure Code Generation in LLMs: From Mechanistic Diagnosis to Deployment-Ready Intervention." arXiv preprint arXiv:2604.16697. https://arxiv.org/abs/2604.16697

Early Approaches to Adversarial Fine-Tuning for Prompt Injection Defense: A 2022 Study of GPT-3 and Contemporary Models

Published in arXiv preprint (arXiv:2509.14271), 2025

A 2022 study of prompt injection and goal hijacking attacks against GPT-3-era models, introducing Adversarial Fine-Tuning as a defense that drove attack success from 31% to near zero on smaller GPT-3 variants.

Recommended citation: Gustavo Sandoval, Denys Fenchenko, and Junyao Chen. (2025). "Early Approaches to Adversarial Fine-Tuning for Prompt Injection Defense: A 2022 Study of GPT-3 and Contemporary Models." arXiv preprint arXiv:2509.14271. https://arxiv.org/abs/2509.14271

Lost at C: A User Study on the Security Implications of Large Language Model Code Assistants

Published in USENIX Security Symposium (USENIX Security '23), 2023

A security-driven user study (N=58) measuring whether LLM code assistants like OpenAI Codex lead student programmers to write less secure low-level C code. We find the security impact is small.

Recommended citation: Gustavo Sandoval, Hammond Pearce, Teo Nys, Ramesh Karri, Siddharth Garg, and Brendan Dolan-Gavitt. (2023). "Lost at C: A User Study on the Security Implications of Large Language Model Code Assistants." 32nd USENIX Security Symposium. https://www.usenix.org/system/files/sec23summer_sandoval.pdf