Persona Reinforcement for Secure Programming AI Tutors: Adaptive Assistance in Action
| dc.contributor.author | Srinivasan Manikandan, Adithya Harish | en |
| dc.contributor.committeechair | Tilevich, Eli | en |
| dc.contributor.committeechair | Meng, Na | en |
| dc.contributor.committeemember | Brown, Dwayne Christian | en |
| dc.contributor.department | Computer Science and#38; Applications | en |
| dc.date.accessioned | 2025-12-24T09:01:39Z | en |
| dc.date.available | 2025-12-24T09:01:39Z | en |
| dc.date.issued | 2025-12-23 | en |
| dc.description.abstract | The world needs safe software, but producing it requires secure programming skills. Unfortunately, effectively teaching students secure coding skills remains a critical open problem. Pedagogy suggests that students acquire skills best through a combination of conceptual reasoning and practical experience. In computing, students gain this practical experience through hands-on programming exercises and projects. In the age of generative AI, modern tools, such as large language models (LLMs), often hinder effective learning by providing solutions to coding problems without engaging students in the learning process. Instead of internalizing the key concepts, students can simply copy answers without understanding, undermining the learning objectives. Unexpectedly, generative AI offers a promising opportunity to address the problem it has created, providing appropriate constraints and design. To that end, we present Secure Programming with Adaptive Reasoning Companion (SPARC), an AI-powered tutor designed to guide students through secure programming exercises, rather than directly provide solutions. Our design reinforces SPARC's tutor persona through a confluence of three techniques: (1) tailored prompt engineering, (2) a novel combination of AI techniques---coined as a learning safeguard proxy ---designed to prevent the tutor from directly providing solutions, and (3) a responsive algorithm that adapts responses to student proficiencies. We have integrated SPARC with SecureCoder, a drill-and-practice platform for secure coding skills, and evaluated its effectiveness via a pilot study. Across 120 study sessions (80 with SPARC and 40 with GPT-4o-mini), SPARC facilitated a 95% exercise completion rate compared to 80% for GPT-4o-mini, and pilot study participants demonstrated statistically higher satisfaction with SPARC's adaptability than GPT-4o-mini. Further, unlike GPT-4o-mini, all interactions with SPARC avoided providing participants with complete solutions. Finally, our study demonstrated that more than 85% of participants found SPARC's guidance to be clear, adaptive, and helpful, with 80% reporting improved understanding of secure programming concepts. Our evaluation suggests that SPARC's novel design achieves its goal of serving as a secure programming tutor. SPARC provides helpful guidance that most students found to enhance their learning experiences. As secure programming skills are vitally important, this work contributes to secure computing education by employing generative AI as an educator's ally, rather than its adversary. | en |
| dc.description.abstractgeneral | Software powers nearly every aspect of modern life, but software insecurity can hurt both people and organizations. Learning how to write secure code is therefore essential, yet teaching this skill effectively remains a challenge. With the rise of generative AI tools such as ChatGPT, many students rely on these systems to receive direct solutions, thus undermining the learning process. This thesis introduces Secure Programming with Adaptive Reasoning Companion or SPARC for short. This AI-powered tutor helps students learn secure programming by guiding them step by step instead of providing direct answers. SPARC encourages reasoning and problem solving by offering hints that adapt to each student's skill level. The system is integrated with SecureCoder, a drill-and-practice platform for secure coding, through which students can apply these adaptive hints when solving problems. In a pilot study involving 20 participants, students using SPARC demonstrated greater success and engagement compared to those using a GPT model. Most participants described SPARC's hints as clear, helpful, and adaptive to their needs, noting that it deepened their understanding of secure coding. The detailed evaluation showed that SPARC effectively fulfills its goal as a secure programming tutor. By shifting the role of generative AI from one that undermines education to an active learning assistant, this research demonstrates how AI can effectively support rather than replace the educational process. | en |
| dc.description.degree | Master of Science | en |
| dc.format.medium | ETD | en |
| dc.identifier.other | vt_gsexam:45378 | en |
| dc.identifier.uri | https://hdl.handle.net/10919/140564 | en |
| dc.language.iso | en | en |
| dc.publisher | Virginia Tech | en |
| dc.rights | In Copyright | en |
| dc.rights.uri | http://rightsstatements.org/vocab/InC/1.0/ | en |
| dc.subject | Large Language Models | en |
| dc.subject | secure programming education | en |
| dc.subject | intelligent tutoring systems | en |
| dc.subject | plan of thought | en |
| dc.subject | prompt engineering | en |
| dc.subject | generative AI | en |
| dc.subject | adaptive tutor | en |
| dc.title | Persona Reinforcement for Secure Programming AI Tutors: Adaptive Assistance in Action | en |
| dc.type | Thesis | en |
| thesis.degree.discipline | Computer Science & Applications | en |
| thesis.degree.grantor | Virginia Polytechnic Institute and State University | en |
| thesis.degree.level | masters | en |
| thesis.degree.name | Master of Science | en |