SPARK: Security Knowledge Priming and Representation-Guided Knowledge Activation for LLM-based Secure Code Generation
The article introduces SPARK, a novel inference-time security harness that improves the secure code generation of large language models (LLMs) without retraining. SPARK has two components: the first retrieves relevant Common Weakness Enumeration (CWE) entries and uses them to append structured cues to the prompt; the second applies, at each decoding step, a precomputed token bias derived from the differences between safe and unsafe hidden states. Evaluated on nine open-source models across C++, Java, and Python, SPARK outperforms or matches the best existing methods while maintaining utility in human evaluation, addressing the critical issue of insecure code generation in LLMs.
Tags: security, code generation, llm