@inproceedings{wahed-etal-2025-mocha,
    title = "{MOCHA}: Are Code Language Models Robust Against Multi-Turn Malicious Coding Prompts?",
    author = {Wahed, Muntasir  and
      Zhou, Xiaona  and
      Nguyen, Kiet A.  and
      Yu, Tianjiao  and
      Diwan, Nirav  and
      Wang, Gang  and
      Hakkani-T{\"u}r, Dilek  and
      Lourentzou, Ismini},
    editor = "Christodoulopoulos, Christos  and
      Chakraborty, Tanmoy  and
      Rose, Carolyn  and
      Peng, Violet",
    booktitle = "Findings of the Association for Computational Linguistics: EMNLP 2025",
    month = nov,
    year = "2025",
    address = "Suzhou, China",
    publisher = "Association for Computational Linguistics",
    url = "https://preview.aclanthology.org/author-page-yu-wang-polytechnic/2025.findings-emnlp.1249/",
    doi = "10.18653/v1/2025.findings-emnlp.1249",
    pages = "22922--22948",
    ISBN = "979-8-89176-335-7",
    abstract = "Recent advancements in Large Language Models (LLMs) have significantly enhanced their code generation capabilities. However, their robustness against adversarial misuse, particularly through multi-turn malicious coding prompts, remains underexplored. In this work, we introduce code decomposition attacks, where a malicious coding task is broken down into a series of seemingly benign subtasks across multiple conversational turns to evade safety filters. To facilitate systematic evaluation, we introduce MOCHA, a large-scale benchmark designed to evaluate the robustness of code LLMs against both single-turn and multi-turn malicious prompts. Empirical results across open- and closed-source models reveal persistent vulnerabilities, especially under multi-turn scenarios. Fine-tuning on MOCHA improves rejection rates while preserving coding ability, and importantly, enhances robustness on external adversarial datasets with up to 32.4{\%} increase in rejection rates without any additional supervision."
}