Code large language models (CodeLLMs) may memorize and leak training data when generating code, documentation, or test cases, posing privacy and intellectual property risks. To address this, we propose the first systematic integration of differential privacy (DP) into CodeLLM fine-tuning, preserving generation capability while ensuring strong privacy guarantees. Our method introduces a DP-compliant training framework based on gradient clipping and Gaussian noise injection, and employs a comprehensive evaluation suite—including BLEU, CodeBLEU, functional correctness, and quantitative memorization metrics. Experiments demonstrate that DP substantially reduces memorization rates across diverse code fragments—particularly for highly memorizable ones—while incurring only marginal perplexity degradation and maintaining or even improving generation quality. Training overhead remains negligible. This work establishes the first verifiable, reproducible DP practice paradigm for secure and trustworthy CodeLLM training.

Large language models specialized for code (CodeLLMs) have demonstrated remarkable capabilities in generating code snippets, documentation, and test cases. However, despite their promising capabilities, CodeLLMs can inadvertently memorize and reproduce snippets from their training data, which poses risks of privacy breaches and intellectual property violations. These risks restrict the deployment of CodeLLMs in sensitive domains and limit their training datasets to publicly available sources. To mitigate the memorization risk without compromising their task performance, we apply Differential Privacy (DP) to CodeLLMs. To the best of our knowledge, this is the first comprehensive study that systematically evaluates the effectiveness of DP in CodeLLMs. DP adds calibrated noise to the training process to protect individual data points while still allowing the model to learn useful patterns. To this end, we first identify and understand the driving reasons of the memorization behaviour of the CodeLLMs during their fine-tuning. Then, to address this issue, we empirically evaluate the effect of DP on mitigating memorization while preserving code generation capabilities. Our findings show that DP substantially reduces memorization in CodeLLMs across all the tested snippet types. The snippet types most prone to memorization are also the most effectively mitigated by DP. Furthermore, we observe that DP slightly increases perplexity but preserves, and can even enhance, the code generation capabilities of CodeLLMs, which makes it feasible to apply DP in practice without significantly compromising model utility. Finally, we analyze the impact of DP on training efficiency and energy consumption, finding that DP does not significantly affect training time or energy usage, making it a practical choice for privacy-preserving CodeLLMs training.