Large Language Models (LLMs) employed for code generation are susceptible to Malicious Programming Prompts (MaPP) attacks. In these scenarios, an adversary injects a concise string, typically under 500 bytes, into the prompt. This manipulation compels the LLM to produce code embedded with vulnerabilities while maintaining its intended functional correctness. The attack leverages the LLM's inherent ability to adhere to instructions, including those that are maliciously inserted, thereby introducing unintended behaviors into the generated code. The injected vulnerabilities can range from general issues, such as predictable random seeds, system information exfiltration, and memory leaks, to specific Common Weakness Enumerations (CWEs). Mitigation steps: **For AI Developers:** * Implement robust input sanitization and validation mechanisms to detect and prevent the injection of malicious instructions into the LLM's prompt. * Design prompts carefully and monitor them for suspicious patterns or modifications. * Limit unauthorized access to the LLM's prompts and system configurations, preventing direct manipulation. * Restrict LLM access to untrusted plugins and external data sources, ensuring that only trusted resources are used. Implement access control and validation for these externals. * Implement multiple layers of security, combining prevention mechanisms with detection and response capabilities. **For Model Trainers/Fine-tuners:** * Implement rigorous code review processes and utilize static analysis tools to detect vulnerabilities in the generated code.