Journal article
A Survey on Large Language Models in Software Security: Opportunities and Threats
Computers (Basel), Vol.15(4), p.226
04/2026
Web of Science ID: WOS:001749406300001
Abstract
The rise of large language models (LLMs) such as GPT-4, Codex, Code Llama, Claude 3, CodeGemma and DeepSeek is changing how software is developed. These models provide strong support for tasks such as writing code, analyzing bugs, and automating development workflows. At the same time, their use in software development creates both opportunities and new risks. This survey reviews how LLMs are being used to improve security practices in software development, including vulnerability detection, secure code generation, threat analysis, and patch development. It also discusses how attackers may exploit LLMs for malicious purposes, such as writing malware, running phishing campaigns, or bypassing defenses. We draw on case studies showing that LLMs can help uncover zero-day vulnerabilities and speed up secure coding, but also highlight cases in which they have been misused to generate harmful code, sometimes unintentionally. The paper examines technical challenges such as bias in training data, the difficulty of interpreting model outputs, and the risk of adversarial attacks. It also considers ethical and regulatory issues relating to accountability, compliance, and responsible use. Bringing together findings from recent research and industry practice, the survey outlines future directions for building safer models, developing stronger defensive frameworks, and shaping policies that balance innovation with security. Overall, the paper argues for a careful approach in which LLMs are used to strengthen software security while the risks they introduce are addressed through collaboration, oversight, and ongoing improvement.
Details
- Title
- A Survey on Large Language Models in Software Security
- Publication Details
- Computers (Basel), Vol.15(4), p.226
- Resource Type
- Journal article
- Publisher
- MDPI
- Number of pages
- 26
- Grant note
- 2433800 (ML4CS); 2421324 (ALAMOSE); 1946442 (ACES) / National Science Foundation (NSF) 5R42LM014356-03 / National Institutes of Health (NIH); United States Department of Health & Human Services; National Institutes of Health (NIH) - USA
- Copyright
- © the author(s)
- Identifiers
- WOS:001749406300001; 99381798257806600
- Academic Unit
- Center for Cybersecurity and AI; Hal Marcus College of Science and Engineering
- Language
- English