GoodVibe: Security-by-Vibe for LLM-Based Code Generation

📅 2026-02-11
📈 Citations: 0
Influential: 0
🤖 AI Summary
This work addresses the critical challenge that large language models (LLMs) used in “vibe coding” often generate functionally correct code that nonetheless contains security vulnerabilities, while existing safety-enhancing approaches suffer from high computational costs, catastrophic forgetting, or insufficient fine-grained control. The study presents the first neuron-level identification of key computational units associated with security-related reasoning. By integrating gradient-based attribution analysis, activation-driven neuron clustering, and parameter-efficient fine-tuning, the method selectively fine-tunes only a small subset of critical neurons. Evaluated across six prominent code-generating LLMs, this approach improves security by an average of 2.5×, reduces trainable parameters by over 4,700×, and lowers computational overhead by 3.6×, all while preserving the model’s general capabilities, demonstrating remarkable efficiency, interpretability, and generalization.

📝 Abstract
Large language models (LLMs) are increasingly used for code generation in fast, informal development workflows, often referred to as vibe coding, where speed and convenience are prioritized, and security requirements are rarely made explicit. In this setting, models frequently produce functionally correct but insecure code, creating a growing security risk. Existing approaches to improving code security rely on full-parameter fine-tuning or parameter-efficient adaptations, which are either costly and prone to catastrophic forgetting or operate at coarse granularity with limited interpretability and control. We present GoodVibe, a neuron-level framework for improving the security of code language models by default. GoodVibe is based on the key insight that security-relevant reasoning is localized to a small subset of neurons. We identify these neurons using gradient-based attribution from a supervised security task and perform neuron-selective fine-tuning that updates only this security-critical subspace. To further reduce training cost, we introduce activation-driven neuron clustering, enabling structured updates with minimal overhead. We evaluate GoodVibe on six LLMs across security-critical programming languages, including C++, Java, Swift, and Go. GoodVibe substantially improves the security of generated code while preserving general model utility, achieving up to a 2.5x improvement over base models, matching or exceeding full fine-tuning with over 4,700x fewer trainable parameters, and reducing training computation by more than 3.6x compared to the parameter-efficient baseline (LoRA). Our results demonstrate that neuron-level optimization offers an effective and scalable approach to securing code generation without sacrificing efficiency or generality.

Problem

Research questions and friction points this paper is trying to address.

code generation
security
large language models
vibe coding
insecure code

Innovation

Methods, ideas, or system contributions that make the work stand out.

neuron-level fine-tuning
security-by-vibe
activation-driven clustering
parameter-efficient adaptation
secure code generation