Hugging Face's logo
Asankhaya Sharma's picture
69 111 224

Asankhaya Sharma PRO

codelion
KurniaKadir's profile picture franklin258's profile picture finnegan765's profile picture
·
http://asankhaya.github.io/

AI & ML interests

Creator of OptiLLM, OpenEvolve, Adaptive Classifier, and PTS. Pioneering a new category in AI infrastructure: inference-time compute for LLMs.

Recent Activity

reacted to their post with ❤️ 1 day ago
Over 40 percent of AI-generated code contains security vulnerabilities. We recently worked on a LoRA to write secure code by default using automated Semgrep analysis and GRPO, achieving 97 percent reduction in vulnerabilities without requiring security-specific prompts. Technical Approach: Automated security training pipeline combining Semgrep vulnerability detection with preference learning. Generate multiple solutions with varying security awareness, automatically analyze for vulnerabilities, create preference pairs based on security scores, train using GRPO with multi-factor scoring. Scoring System (100 points total): - Functionality: 40 points - Does the code work correctly - Security patterns: 40 points - Uses secure coding practices - Low vulnerabilities: 20 points - Semgrep score below threshold This balanced scoring prevents reward hacking where models generate empty functions to avoid vulnerabilities. Real Transformation Examples: Database query before: query = f"SELECT * FROM products WHERE name = '{name}'" Database query after: query = "SELECT * FROM products WHERE name = ?" db.execute(query, (name,)) Password hashing before: password_hash = hashlib.md5(password).hexdigest() Password hashing after: salt = bcrypt.gensalt(rounds=12) password_hash = bcrypt.hashpw(password.encode('utf-8'), salt) Model: https://huggingface.co/codelion/Qwen2.5-Coder-0.5B-Instruct-security-grpo-lora Notebook: https://github.com/codelion/ellora/blob/main/Ellora_Recipe_5_Secure_Code_Generation_LoRA.ipynb Repository: https://github.com/codelion/ellora
reacted to their post with 👀 1 day ago
Over 40 percent of AI-generated code contains security vulnerabilities. We recently worked on a LoRA to write secure code by default using automated Semgrep analysis and GRPO, achieving 97 percent reduction in vulnerabilities without requiring security-specific prompts. Technical Approach: Automated security training pipeline combining Semgrep vulnerability detection with preference learning. Generate multiple solutions with varying security awareness, automatically analyze for vulnerabilities, create preference pairs based on security scores, train using GRPO with multi-factor scoring. Scoring System (100 points total): - Functionality: 40 points - Does the code work correctly - Security patterns: 40 points - Uses secure coding practices - Low vulnerabilities: 20 points - Semgrep score below threshold This balanced scoring prevents reward hacking where models generate empty functions to avoid vulnerabilities. Real Transformation Examples: Database query before: query = f"SELECT * FROM products WHERE name = '{name}'" Database query after: query = "SELECT * FROM products WHERE name = ?" db.execute(query, (name,)) Password hashing before: password_hash = hashlib.md5(password).hexdigest() Password hashing after: salt = bcrypt.gensalt(rounds=12) password_hash = bcrypt.hashpw(password.encode('utf-8'), salt) Model: https://huggingface.co/codelion/Qwen2.5-Coder-0.5B-Instruct-security-grpo-lora Notebook: https://github.com/codelion/ellora/blob/main/Ellora_Recipe_5_Secure_Code_Generation_LoRA.ipynb Repository: https://github.com/codelion/ellora
reacted to their post with 🚀 1 day ago
Over 40 percent of AI-generated code contains security vulnerabilities. We recently worked on a LoRA to write secure code by default using automated Semgrep analysis and GRPO, achieving 97 percent reduction in vulnerabilities without requiring security-specific prompts. Technical Approach: Automated security training pipeline combining Semgrep vulnerability detection with preference learning. Generate multiple solutions with varying security awareness, automatically analyze for vulnerabilities, create preference pairs based on security scores, train using GRPO with multi-factor scoring. Scoring System (100 points total): - Functionality: 40 points - Does the code work correctly - Security patterns: 40 points - Uses secure coding practices - Low vulnerabilities: 20 points - Semgrep score below threshold This balanced scoring prevents reward hacking where models generate empty functions to avoid vulnerabilities. Real Transformation Examples: Database query before: query = f"SELECT * FROM products WHERE name = '{name}'" Database query after: query = "SELECT * FROM products WHERE name = ?" db.execute(query, (name,)) Password hashing before: password_hash = hashlib.md5(password).hexdigest() Password hashing after: salt = bcrypt.gensalt(rounds=12) password_hash = bcrypt.hashpw(password.encode('utf-8'), salt) Model: https://huggingface.co/codelion/Qwen2.5-Coder-0.5B-Instruct-security-grpo-lora Notebook: https://github.com/codelion/ellora/blob/main/Ellora_Recipe_5_Secure_Code_Generation_LoRA.ipynb Repository: https://github.com/codelion/ellora
View all activity

Organizations

meraGPT's profile picture Lambda Security's profile picture National University of Singapore's profile picture Patched's profile picture ZeroGPU Explorers's profile picture MLX Community's profile picture Social Post Explorers's profile picture Hugging Face Discord Community's profile picture Dria's profile picture Adaptive Classifier's profile picture Reasoning datasets competition 's profile picture Cerebras Hugging Face Hackathon's profile picture Agents-MCP-Hackathon's profile picture