A company deploys a GenAI-powered code review assistant. During evaluation, they find that the assistant often suggests security vulnerabilities as improvements. What is the MOST likely cause?
Training data bias toward insecure code can cause the model to suggest vulnerabilities.
Why this answer
The most likely cause is that the model was trained on a dataset containing many insecure code examples. A GenAI code review assistant learns patterns from its training data; if that data includes prevalent security vulnerabilities (e.g., SQL injection, buffer overflows), the model will internalize those patterns as 'normal' or even 'desirable' improvements. This leads to the assistant suggesting insecure code changes because it is statistically replicating the flawed logic it was exposed to during training.
Exam trap
Cisco often tests the misconception that prompt engineering alone (e.g., adding a security constraint) can override fundamental training data biases, when in fact the model's learned weights from the training corpus are the dominant factor in output quality.
How to eliminate wrong answers
Option B is wrong because setting the temperature too low (e.g., near 0) makes the model more deterministic and conservative, reducing randomness and the likelihood of suggesting unusual or insecure patterns; it would not cause the model to actively suggest vulnerabilities.
Option C is wrong because model size (number of parameters) affects capability and fluency, not the tendency to generate insecure code; a small model can still produce secure suggestions if trained on secure data, while a large model trained on insecure data will replicate those flaws.
Option D is wrong because while a missing security constraint in the prompt might fail to guide the model away from vulnerabilities, the root cause is the training data; even with a security constraint, a model trained on insecure examples may still suggest vulnerabilities due to its ingrained patterns, and the question asks for the 'most likely' cause, which is the data quality issue.