{"ID":2851985,"CreatedAt":"2026-06-01T04:54:23.091178241Z","UpdatedAt":"2026-06-01T04:54:23.091178241Z","DeletedAt":null,"paper_url":"https://arxiv.org/abs/2510.18204","arxiv_id":"2510.18204","title":"RESCUE: Retrieval Augmented Secure Code Generation","abstract":"Despite recent advances, Large Language Models (LLMs) still generate vulnerable code. Retrieval-Augmented Generation (RAG) has the potential to enhance LLMs for secure code generation by incorporating external security knowledge. However, the conventional RAG design struggles with the noise of raw security-related documents, and existing retrieval methods overlook the significant security semantics implicitly embedded in task descriptions. To address these issues, we propose RESCUE, a new RAG framework for secure code generation with two key innovations. First, we propose a hybrid knowledge base construction method that combines LLM-assisted cluster-then-summarize distillation with program slicing, producing both high-level security guidelines and concise, security-focused code examples. Second, we design a hierarchical multi-faceted retrieval that traverses the constructed knowledge base from top to bottom and integrates multiple security-critical facts at each hierarchical level, ensuring comprehensive and accurate retrieval. We evaluated RESCUE on four benchmarks and compared it with five state-of-the-art secure code generation methods on six LLMs. The results demonstrate that RESCUE improves the SecurePass@1 metric by an average of 4.8 points, establishing a new state-of-the-art performance for security. Furthermore, we performed in-depth analysis and ablation studies to rigorously validate the effectiveness of individual components in RESCUE. Our code is available at https://github.com/steven1518/RESCUE.","short_abstract":"Despite recent advances, Large Language Models (LLMs) still generate vulnerable code. Retrieval-Augmented Generation (RAG) has the potential to enhance LLMs for secure code generation by incorporating external security knowledge. However, the conventional RAG design struggles with the noise of raw security-related docu...","url_abs":"https://arxiv.org/abs/2510.18204","url_pdf":"https://arxiv.org/pdf/2510.18204v2","authors":"[\"Jiahao Shi\",\"Tianyi Zhang\"]","published":"2025-10-21T01:13:03Z","proceeding":"cs.CR","tasks":"[\"cs.CR\",\"cs.LG\",\"cs.SE\"]","methods":"[\"RAG\",\"Large Language Model\",\"Language Model\"]","has_code":true,"code_links":[{"ID":607947,"CreatedAt":"2026-06-01T04:54:23.091178241Z","UpdatedAt":"2026-06-01T04:54:23.091178241Z","DeletedAt":null,"paper_id":2851985,"paper_url":"https://arxiv.org/abs/2510.18204","paper_title":"RESCUE: Retrieval Augmented Secure Code Generation","repo_url":"https://github.com/steven1518/RESCUE","is_official":false,"mentioned_in_paper":true,"mentioned_in_github":true,"github_stars":0}]}
