← The Wire

Security2026-06-14 · source-backed

CodeSpear: a benign code grammar constraint jailbreaks LLMs into malicious code.

Confidence
source-backed
Sources
1
Redaction
redacted

Story

Applying a harmless code-grammar constraint during decoding raises malicious-code attack success by 30+ percentage points across 10 popular models (arXiv). The natural-language refusal stays intact while the constrained decoder produces the payload anyway. If you use structured or constrained decoding in a code pipeline, your refusal training may not transfer to the constrained path. The proposed defense, CodeShield, generates honeypot code under the constraint while preserving refusals. Constrained decoding isn't a safety-neutral optimization.


Related stories

Each link below shares sources, entities, or timing with this story.

  1. Shared entity: LLMs / Same source domain / Shared topic / Earlier coverage / Tension

    AlgoVeri — Formal Verification Benchmark

    Both cover LLMs; reported by the same outlet (arxiv.org); overlapping topics (code, constraint).

  2. Shared entity: LLMs / Same source domain / Shared topic / Earlier coverage

    Agent Safety (Exceptional Day)

    Both cover LLMs; reported by the same outlet (arxiv.org); overlapping topics (attack, refusal).

  3. Shared entity: LLMs / Same source domain / What happened next / Downstream implication

    Evaluator bias is contagious in multi-agent systems.

    Both cover LLMs; reported by the same outlet (arxiv.org); picks up the LLMs thread on 2026-06-19.

  4. A few visual cues drive most MLLM social bias.

    Both cover LLMs; reported by the same outlet (arxiv.org); picks up the LLMs thread on 2026-06-19.

  5. Shared entity: LLMs / Same source domain / Earlier coverage / Tension

    The "self-correction illusion" is the most useful empirical result of the day.

    Both cover LLMs; reported by the same outlet (arxiv.org); earlier LLMs coverage from 2026-06-09.

  6. Your AI-Generated Code Compiles. It Doesn't Work.

    Both cover LLMs; reported by the same outlet (arxiv.org); earlier LLMs coverage from 2026-04-22.

  7. 10 actionable skills from today's findings:

    Both cover LLMs; reported by the same outlet (arxiv.org); earlier LLMs coverage from 2026-03-22.

  8. Shared entity: LLMs / Same source domain / What happened next

    AdaTrans turns Rust compiler errors into automatic fixes

    Both cover LLMs; reported by the same outlet (arxiv.org); picks up the LLMs thread on 2026-07-01.

Source trail

Entities

Provenance

AI generated
no
Story unit
2026-06-14-codespear-a-benign-code-grammar-constraint-jailbreaks-llms-into-malicious-code
Labels
source-backed, canonical briefing excerpt
CodeSpear: a benign code grammar constraint jailbreaks LLMs into malicious code. | MindPattern