This work reveals the widespread yet underrecognized presence of natural backdoor vulnerabilities in large code models, which can trigger malicious behaviors without user awareness. The study systematically demonstrates the prevalence of such vulnerabilities across diverse model architectures and tasks, clearly distinguishing them from injected backdoors in origin and mechanism. Through empirical analysis, cross-dataset and cross-architecture transfer experiments, and parameter-level provenance tracing, the authors comprehensively evaluate the efficacy of pre-training, during-training, and post-training defense strategies. Their findings indicate that existing defenses are largely ineffective against natural backdoors. In response, they propose ScanNBT, a dedicated detection framework that significantly improves detection performance across 44 distinct scenarios.

Code Language Models (CodeLMs) have become integral to software engineering, significantly advancing code intelligence tasks. However, their widespread adoption has raised critical security concerns, particularly regarding susceptibility to backdoor attacks. Recent studies have uncovered naturally occurring backdoors, referred to as natural backdoors, in normally trained deep learning models. Despite posing threats as serious as those introduced through data poisoning, security implications of natural backdoor vulnerabilities in CodeLMs remain poorly understood. In this paper, we conduct a thorough empirical study of natural backdoor vulnerabilities in CodeLMs across various model architectures and code intelligence tasks. Specifically, we examine potential natural backdoor vulnerabilities across 44 scenarios, demonstrating that natural backdoors are prevalent and intrinsic to CodeLMs. We reveal differences between injected and natural backdoor vulnerabilities at both the model and parameter levels. We then analyze the transferability of natural backdoor vulnerabilities from three perspectives: datasets, model architectures, and shared knowledge. We further investigate the causes of natural backdoors from two aspects: training datasets and the model training procedure. We evaluate existing backdoor defense techniques, including pre-training, in-training, and post-training defenses, in mitigating natural backdoors. Finally, we propose ScanNBT, a novel detection method designed to improve comprehensive detection of natural backdoor vulnerabilities in CodeLMs. We aim for our findings to enhance understanding of these vulnerabilities and provide insights for strengthening CodeLM security against backdoor threats.