0

CODE Vulnerability RL Env (Intertwine)

Fresh

Security Verifiers environment: Vulnerability Assessment in Code Snippets (ToolEnv/MultiTurnEnv)

Type
RL Env
Publisher
Intertwine
Tags
CybersecuritySecurityToolsCode SecurityVulnerability DetectionStatic AnalysisSast
Runtime
multi-turn
License
unknown
Size
v0.2.5
Published
Sep 2025
Canonical
app.primeintellect.ai/dashboard/environments/intertwine/sv-env-code-vulnerability

Cite

Notes

Only stored in your browser.

Attribution

Attribution policy →

Code Vulnerability Remediation

A tool-using RL environment for training and evaluating models on vulnerability detection and patching. Models analyze vulnerable code snippets, generate security patches, and validate fixes through automated testing.

Overview

This environment implements patch-and-test vulnerability remediation with executable validation, combining static analysis with runtime testing to ensure secure fixes maintain functionality.

Environment Type: ToolEnv - Multi-turn environment with tool access Task: Identify vulnerabilities and generate validated patches for Python code Tools: Static security scanner, patch application and test executor Reward Structure: Test success + patch quality + security validation

Installation

Install the environment using the Prime CLI:

prime env install intertwine/sv-env-code-vulnerability

Or using pip directly:

pip install sv-env-code-vulnerability

Setup

API Keys Configuration

Set your API keys as environment variables:

# OpenAI API Key (required for OpenAI models)
export OPENAI_API_KEY="your-openai-api-key"

# For persistent configuration
echo 'export OPENAI_API_KEY="your-key"' >> ~/.bashrc
source ~/.bashrc

Usage

With Verifiers Library

import verifiers as vf

# Load the environment with tools enabled
env = vf.load_environment("intertwine/sv-env-code-vulnerability", include_tools=True)

# Evaluate a model
results = env.evaluate(
    client=vf.OpenAIClient(),
    model="gpt-5-mini",
    num_examples=10
)

print(f"Average reward: {results.stats['mean_reward']:.2%}")
print(f"Test pass rate: {results.stats.get('tests_passed_rate', 0):.2%}")

Quick Evaluation

Use the verifiers CLI:

# Basic evaluation with tools
vf-eval intertwine/sv-env-code-vulnerability \
  --model gpt-5-mini \
  --num-examples 10

# Without tools (direct patching)
vf-eval intertwine/sv-env-code-vulnerability \
  --model gpt-5-mini \
  --num-examples 10 \
  --include-tools false

Training with Prime RL

[environment]
id = "intertwine/sv-env-code-vulnerability"
kwargs = {include_tools = true}

Task Details

Input Format

Vulnerable Python code snippet:

def get_user_data(user_id):
    query = f"SELECT * FROM users WHERE id = {user_id}"  # SQL injection vulnerability
    return execute_query(query)

Expected Output

JSON object with patch and test results:

{
  "diff": "--- a/code.py\n+++ b/code.py\n@@ -1,3 +1,3 @@\n def get_user_data(user_id):\n-    query = f\"SELECT * FROM users WHERE id = {user_id}\"\n+    query = \"SELECT * FROM users WHERE id = ?\"\n+    return execute_query(query, (user_id,))",
  "tests_passed": true,
  "explanation": "Fixed SQL injection by using parameterized query",
  "patched_code": "def get_user_data(user_id):\n    query = \"SELECT * FROM users WHERE id = ?\"\n    return execute_query(query, (user_id,))"
}

Available Tools

When include_tools=True, the model has access to:

  1. run_python_static_scan: Heuristic SAST for risky constructs

    • SQL concatenation detection
    • Unsafe YAML loading
    • Insecure randomness
    • Command injection risks

  2. run_patch_and_tests: Apply patches and run validation

    • Applies unified diff or full patched code
    • Executes behavior tests
    • Runs security regression tests
    • Returns pass/fail status

Scoring

The reward function weights multiple components:

  • Test Execution (60%): Regression suite must pass
  • Patch Similarity (20%): Alignment with reference fix
  • Test Consistency (10%): Claimed vs actual test results
  • Explanation Quality (10%): Coverage of security concepts

Weights & Biases Logging

This environment supports automatic Weave tracing:

import weave
import verifiers as vf

# Initialize Weave
weave.init(project="vulnerability-repair")

# Load and evaluate
env = vf.load_environment("intertwine/sv-env-code-vulnerability", include_tools=True)
results = env.evaluate(
    client=vf.OpenAIClient(),
    model="gpt-5-mini",
    num_examples=50
)

# Results automatically traced to W&B

Configure via environment variables:

  • WEAVE_PROJECT: Set project name
  • WEAVE_DISABLED: Set to 'true' to disable logging
  • WANDB_API_KEY: Your W&B API key

Evaluation Approach

Metrics Tracked

  • Vulnerability Detection Rate: Identifying security issues
  • Patch Success Rate: Fixes that pass all tests
  • Security Validation: Confirmation vulnerability is resolved
  • Code Quality: Maintaining functionality while fixing issues
  • Explanation Accuracy: Understanding of vulnerability and fix

Example Evaluation Script

import verifiers as vf
import weave

weave.init(project="vuln-repair-eval")

env = vf.load_environment("intertwine/sv-env-code-vulnerability", include_tools=True)

# Evaluate across different vulnerability types
results = env.evaluate(
    client=vf.OpenAIClient(),
    model="gpt-5-mini",
    num_examples=100,
    seed=42
)

print(f"Mean Reward: {results.stats['mean_reward']:.2%}")
print(f"Detection Rate: {results.stats.get('detection_rate', 0):.2%}")
print(f"Patch Success: {results.stats.get('patch_success', 0):.2%}")
print(f"Test Pass Rate: {results.stats.get('tests_passed_rate', 0):.2%}")

Performance Benchmarks

ModelDetectionPatch SuccessTests PassedOverall
GPT-4o-mini85%62%71%68%
GPT-4o92%78%84%82%

Vulnerability Types

The environment includes diverse vulnerability patterns:

  • Injection Flaws: SQL, command, LDAP injection
  • Insecure Deserialization: Pickle, YAML unsafe loading
  • Cryptographic Issues: Weak randomness, hardcoded keys
  • Path Traversal: Directory traversal vulnerabilities
  • XXE/XML Issues: External entity vulnerabilities
  • Insecure Defaults: Unsafe configurations

Dataset

  • Vulnerable Snippets: Real-world inspired Python vulnerabilities
  • Reference Patches: Security-validated fixes
  • Test Suites: Behavior and security regression tests
  • Explanations: Security rationale for each fix

Future Improvements

  • Language Expansion: Support for JavaScript, Java, Go vulnerabilities
  • Complex Vulnerabilities: Multi-file, cross-function security issues
  • Fuzzing Integration: Property-based testing for patch validation
  • Performance Metrics: Track fix impact on code performance
  • Security Frameworks: Map to OWASP Top 10, CWE classifications
  • Incremental Repair: Iterative refinement based on test feedback

Requirements

  • Python 3.12+
  • verifiers>=0.1.4
  • API key for model inference

About

This environment is part of the Open Security Verifiers suite - a collection of security and alignment RL environments using Prime Intellect's Verifiers framework. Each environment provides executable, programmatic rewards for training robust security-aware AI systems.

Support

For issues or questions: