Can Open-Source LLM Agents Replace Static Application Security Testing Tools? An Empirical Assessment
A new research paper evaluates whether open-source LLM agents can effectively replace traditional static application security testing (SAST) tools. The study found that current general-purpose GenAI LLM agents are not yet suitable for specialized SAST tasks under realistic conditions. The agents' performance was compared against the SAST tool Bandit, with findings indicating limitations in precision, recall, and false positive rates. AI
IMPACT Current open-source LLM agents are not yet capable of performing specialized cybersecurity tasks like SAST, indicating a need for further development in agentic AI for security applications.