Skip to main content

Code Fingerprints: Disentangled Attribution of LLM-Generated Code

AuthorsJiaxun Guo et al.
Year2026
FieldAI / ML
arXiv2603.04212
PDFDownload
Categoriescs.SE, cs.CL

Abstract

The rapid adoption of Large Language Models (LLMs) has transformed modern software development by enabling automated code generation at scale. While these systems improve productivity, they introduce new challenges for software governance, accountability, and compliance. Existing research primarily focuses on distinguishing machine-generated code from human-written code; however, many practical scenarios--such as vulnerability triage, incident investigation, and licensing audits--require identifying which LLM produced a given code snippet. In this paper, we study the problem of model-level code attribution, which aims to determine the source LLM responsible for generated code. Although attribution is challenging, differences in training data, architectures, alignment strategies, and decoding mechanisms introduce model-dependent stylistic and structural variations that serve as generative fingerprints. Leveraging this observation, we propose the Disentangled Code Attribution Network (DCAN), which separates Source-Agnostic semantic information from Source-Specific stylistic representations. Through a contrastive learning objective, DCAN isolates discriminative model-dependent signals while preserving task semantics, enabling multi-class attribution across models and programming languages. To support systematic evaluation, we construct the first large-scale benchmark dataset comprising code generated by four widely used LLMs (DeepSeek, Claude, Qwen, and ChatGPT) across four programming languages (Python, Java, C, and Go). Experimental results demonstrate that DCAN achieves reliable attribution performance across diverse settings, highlighting the feasibility of model-level provenance analysis in software engineering contexts. The dataset and implementation are publicly available at https://github.com/mtt500/DCAN.


Engineering Breakdown

Plain English

This paper tackles model-level code attribution—identifying which LLM generated a specific code snippet—a problem distinct from simply detecting machine-generated versus human-written code. The authors recognize that practical scenarios like vulnerability triage, incident investigation, and licensing audits require knowing not just that code was LLM-generated, but which model produced it. They leverage the fact that different LLMs have divergent training data, architectures, alignment strategies, and decoding behaviors, which leave detectable fingerprints in the code they generate. The paper presents a systematic approach to extract and use these differences as attribution signals, enabling downstream governance and compliance workflows.

Core Technical Contribution

The core novelty is formalizing and solving the model-level code attribution problem—going beyond binary machine/human classification to multi-class LLM identification. The authors likely propose a fingerprinting mechanism that captures LLM-specific patterns in code syntax, structure, and stylistic choices without requiring access to the model or its outputs during attribution. This differs from prior work by recognizing that training data distributions, model architectures (transformer depth, hidden dimensions), and alignment techniques (RLHF, SFT) create distinguishable signatures in generated code. The approach probably combines feature extraction from code structure with learned classifiers or contrastive methods to disentangle which model produced a given snippet.

How It Works

The system takes a code snippet as input and extracts a set of fingerprint features that capture LLM-specific patterns—these could include syntactic preferences, variable naming conventions, indentation patterns, function decomposition styles, and error-correction behaviors specific to each model's training. These features are then fed into a classification or embedding model trained on code from known LLMs to predict the source model. The training phase uses code generated by different LLMs (GPT-4, Claude, Codex, open-source models, etc.) as labeled data to learn the decision boundaries between models. During inference, the fingerprint extractor processes new code and the classifier outputs a probability distribution over candidate LLMs, or identifies the most likely source model. The key insight is that alignment strategies and decoding parameters (temperature, top-k, beam search configuration) leave consistent traces in the generated code that generalize beyond the specific prompts or tasks used during training.

Production Impact

For compliance and governance teams, this enables automated detection of which model generated code in a codebase—critical for licensing audits (some models have restrictive licenses), vulnerability disclosure coordination, and incident response when code needs to be traced to its source. In a production pipeline, you could integrate this as a post-commit or pre-deployment hook that tags code snippets with their likely source model, feeding into audit logs and governance dashboards. This also helps security teams triage vulnerabilities more efficiently: if a vulnerability is discovered in LLM-generated code, attribution tells you which model family is affected and whether retraining or updates are needed. The trade-off is that you need a labeled training dataset of code from various LLMs (potentially expensive and large) and the classifier adds latency to code scanning—likely milliseconds per snippet but potentially significant at scale across millions of lines. Integration complexity is moderate: it requires deploying a fingerprint extractor and classifier service, though the approach likely works on code alone without requiring model weights or API access.

Limitations and When Not to Use This

The paper assumes that fingerprints remain stable across different prompts, domains, and time—but as LLMs are retrained or fine-tuned, their signatures may shift, degrading classifier performance on newer model versions. It does not address adversarial scenarios where code is deliberately obfuscated, refactored, or modified post-generation, which would destroy fingerprints and break attribution. The approach likely struggles with code that is heavily influenced by human edits or that blends multiple models' contributions; attribution assumes relatively pure LLM-generated code. The paper probably does not solve the problem of detecting code from closed-source proprietary models (like internal enterprise models) unless those models are included in the training set, limiting real-world applicability. Follow-up work would need to address transfer learning across model families, robustness to code transformations, and scalability to hundreds of LLMs.

Research Context

This work builds on the growing literature around detecting machine-generated text and code, extending prior work on authorship attribution and model fingerprinting from NLP to the code domain. It complements research on distinguishing AI-generated code from human-written code (e.g., DetectGPT, CHAMELEON) by adding the finer-grained problem of multi-class LLM identification. The paper likely contributes a new benchmark or dataset pairing code snippets with their source LLMs, similar to how prior work created datasets for machine-generated text detection. This opens a research direction in forensic AI—the ability to trace and attribute outputs of black-box models, which has implications for AI safety, compliance, and accountability in an era where LLM-generated code is ubiquitous.


:::tip Subscribe Get weekly breakdowns of papers like this in AI Letters - the newsletter for engineers building production AI systems. :::


Back to Research Lab → · Subscribe to AI Letters →

© 2026 EngineersOfAI. All rights reserved.