🤖 AI Summary
Large language models (LLMs) exhibit strong code-generation capabilities but struggle to reliably avoid security vulnerabilities, primarily because existing prompting techniques fail to effectively activate their latent vulnerability-discrimination abilities. This paper proposes MoC (mixture of corrections), a fine-tuning-free, inference-time steering method that uses representation engineering to identify security- and vulnerability-sensitive internal representations in the model's hidden layers, and then dynamically rectifies token probability distributions through a linear mixture mechanism. Experiments on Qwen2.5-Coder-7B demonstrate that MoC simultaneously enhances both security and functionality: the security ratio of generated code improves by 8.9%, and HumanEval pass@1 increases by 2.1%. The core contribution lies in the first identification and exploitation of LLMs' intrinsic, pre-trained vulnerability-aware representations, enabling efficient, lightweight, and plug-and-play security augmentation without architectural or training modifications.
📝 Abstract
Large language models (LLMs) have become proficient at sophisticated code-generation tasks, yet remain ineffective at reliably detecting or avoiding code vulnerabilities. Does this deficiency stem from insufficient learning about code vulnerabilities, or is it merely a result of ineffective prompting? Using representation engineering techniques, we investigate whether LLMs internally encode the concepts necessary to identify code vulnerabilities. We find that current LLMs encode precise internal representations that distinguish vulnerable from secure code--achieving greater accuracy than standard prompting approaches. Leveraging these vulnerability-sensitive representations, we develop an inference-time steering technique that subtly modulates the model's token-generation probabilities through a mixture of corrections (MoC). Our method effectively guides LLMs to produce less vulnerable code without compromising functionality, demonstrating a practical approach to controlled vulnerability management in generated code. Notably, MoC enhances the security ratio of Qwen2.5-Coder-7B by 8.9%, while simultaneously improving functionality on HumanEval pass@1 by 2.1%.