To address the security deficiencies of large language models (LLMs) in code generation—particularly their tendency to introduce exploitable vulnerabilities—this paper proposes an active security-aware code generation agent grounded in secure coding guidelines and self-generated unit tests. Methodologically, it introduces a novel lightweight, non-reasoning LLM integrated with a multi-stage agent workflow (plan–generate–verify–repair), incorporating security guideline injection and LLM-driven unit test generation, built upon the Sonnet-3.7 foundation model. Its key contribution is the first demonstration of security performance approaching that of state-of-the-art reasoning-based models—without relying on computationally intensive reasoning LLMs—achieving synergistic optimization of security enhancement and functional correctness. Experiments show that the approach preserves 98% of original functional correctness while reducing security vulnerability rates by approximately 25%, attaining overall security performance comparable to—or exceeding—that of advanced reasoning-based models.

Large language models (LLMs) have seen widespread success in code generation tasks for different scenarios, both everyday and professional. However current LLMs, despite producing functional code, do not prioritize security and may generate code with exploitable vulnerabilities. In this work, we propose techniques for generating code that is more likely to be secure and introduce SCGAgent, a proactive secure coding agent that implements our techniques. We use security coding guidelines that articulate safe programming practices, combined with LLM-generated unit tests to preserve functional correctness. In our evaluation, we find that SCGAgent is able to preserve nearly 98% of the functionality of the base Sonnet-3.7 LLM while achieving an approximately 25% improvement in security. Moreover, SCGAgent is able to match or best the performance of sophisticated reasoning LLMs using a non-reasoning model and an agentic workflow.