Code as a Weapon: A Consensus-Labeled Prompt Bank for Measuring Coding-Model Compliance with Malicious-Code Requests
Researchers have identified a critical gap in how the field evaluates coding models' resistance to malicious requests. Unlike general-purpose LLMs, specialized code generators that comply with harmful prompts produce immediately executable weapons rather than text, yet existing refusal benchmarks conflate requests for working exploits with requests for theoretical security knowledge and lack standardized measurement. This work argues the AI safety community needs unified, higher-bar evaluation standards for code models specifically, establishing that compliance severity should drive benchmark rigor rather than the reverse.
Modelwire context
ExplainerThe paper's sharpest contribution isn't a new dataset but a taxonomic argument: that requests for working exploit code and requests for security education are currently lumped together in evaluations, which means a model can score well on refusal benchmarks while still producing functional malware when prompted carefully.
This connects directly to the broader benchmark-quality problem visible across recent coverage. The 'Extrapolative Weight Averaging Reveals Correctness-Efficiency Frontiers in Code RL' story (story 3) shows that code models are being optimized aggressively on competitive programming tasks, which raises the stakes here: the same RL training dynamics that push models toward correct, executable code may also reduce their resistance to adversarial prompts. Meanwhile, the uncertainty quantification work in 'Reverse Probing' (story 8) illustrates a parallel pattern where domain-specific evaluation turns out to require domain-specific methodology, not borrowed general-purpose tooling. The argument in this paper follows the same logic applied to safety rather than capability.
Watch whether any of the major code model providers (Copilot, Cursor, or the open-weight coding model maintainers) adopt the consensus-labeled prompt bank as a standard evaluation within the next two release cycles. Adoption would signal the benchmark has traction; silence would suggest the safety community is still the only audience.
Coverage we drew on
This analysis is generated by Modelwire’s editorial layer from our archive and the summary above. It is not a substitute for the original reporting. How we write it.
Mentionscoding models · language models · malicious code detection · refusal benchmarks
Modelwire Editorial
This synthesis and analysis was prepared by the Modelwire editorial team. We use advanced language models to read, ground, and connect the day’s most significant AI developments, providing original strategic context that helps practitioners and leaders stay ahead of the frontier.
Modelwire summarizes, we don’t republish. The full content lives on arxiv.org. If you’re a publisher and want a different summarization policy for your work, see our takedown page.