scthornton/securecode-v2
Updated
•
988
•
7
Scott Thornton PRO
scthornton
AI & ML interests
AI/ML Security
Recent Activity
reacted
to
their
post
with 👍
about 2 hours ago
SecureCode: security-aware code models (3B–20B), trained for review + remediation
I’ve been frustrated by how often code assistants recommend patterns that pass tests but fail security review (e.g., string-built SQL, brittle auth logic, unsafe parsing, insecure defaults, etc.). So I built **SecureCode**: a collection of **8 code models (3B → 20B)** trained to behave more like a security reviewer.
What you should expect from SecureCode:
- identify likely vuln patterns and explain *why* they’re risky
- outline plausible abuse paths (defensive framing)
- propose a secure rewrite (drop-in where possible)
- include defense-in-depth guidance + regression tests/checks
Links:
- **Models:** https://huggingface.co/collections/scthornton/securecode
- **Dataset:** https://huggingface.co/datasets/scthornton/securecode-v2
- **Paper:** https://arxiv.org/html/2512.18542v1 https://huggingface.co/papers/2512.18542
**How to test it (copy/paste prompt):**
```
> You are a senior application security engineer. Review the code below.
> Output: (1) findings with severity, (2) likely exploit scenarios (high level), (3) secure rewrite,
> (4) defense-in-depth recommendations, (5) regression tests/checks.
> Code: `...`
```
**I’m looking for real-world feedback**
- Your “this slipped through review once” snippets (sanitized is fine)
- False positives / false negatives you observe
- Contributions of new CVE-grounded examples
If you drop a snippet, please include language/framework + what the *correct* remediation looks like in your environment. If you have any contributions or suggestions for the dataset, I'd be happy to hear them. I have some new features and enhancements planned for v3 that are already underway, but for now, I'm focused on testing as many use cases as possible. Appreciate you all!
posted
an
update
about 8 hours ago
SecureCode: security-aware code models (3B–20B), trained for review + remediation
I’ve been frustrated by how often code assistants recommend patterns that pass tests but fail security review (e.g., string-built SQL, brittle auth logic, unsafe parsing, insecure defaults, etc.). So I built **SecureCode**: a collection of **8 code models (3B → 20B)** trained to behave more like a security reviewer.
What you should expect from SecureCode:
- identify likely vuln patterns and explain *why* they’re risky
- outline plausible abuse paths (defensive framing)
- propose a secure rewrite (drop-in where possible)
- include defense-in-depth guidance + regression tests/checks
Links:
- **Models:** https://huggingface.co/collections/scthornton/securecode
- **Dataset:** https://huggingface.co/datasets/scthornton/securecode-v2
- **Paper:** https://arxiv.org/html/2512.18542v1 https://huggingface.co/papers/2512.18542
**How to test it (copy/paste prompt):**
```
> You are a senior application security engineer. Review the code below.
> Output: (1) findings with severity, (2) likely exploit scenarios (high level), (3) secure rewrite,
> (4) defense-in-depth recommendations, (5) regression tests/checks.
> Code: `...`
```
**I’m looking for real-world feedback**
- Your “this slipped through review once” snippets (sanitized is fine)
- False positives / false negatives you observe
- Contributions of new CVE-grounded examples
If you drop a snippet, please include language/framework + what the *correct* remediation looks like in your environment. If you have any contributions or suggestions for the dataset, I'd be happy to hear them. I have some new features and enhancements planned for v3 that are already underway, but for now, I'm focused on testing as many use cases as possible. Appreciate you all!
updated
a dataset
about 13 hours ago
scthornton/securecode-v2
Organizations
