研究人员开发了OpenAnt,一个开源系统,旨在通过结合静态分析和基于LLM的推理的多阶段管道来发现大型代码库中的漏洞。该系统将代码分解为可管理的单元,使用对抗性验证来模拟可利用性,并在沙盒环境中动态测试发现结果。在OpenSSL和WordPress等项目上的评估表明,OpenAnt能够以减少的误报和可管理的成本识别未知漏洞。 AI
影响 该系统展示了LLM在增强软件安全和减轻手动代码审查负担方面的实际应用。
排序理由 该集群包含一篇详细介绍新漏洞发现系统的学术论文。
AI 生成摘要 · Google Gemini · 来自 2 个来源。 我们如何撰写摘要 →
arXiv:2606.19149v1 Announce Type: cross Abstract: Automated vulnerability discovery in large codebases remains challenging: traditional static analysis produces high false-positive rates, while dynamic approaches such as fuzzing require substantial infrastructure and often target…
Automated vulnerability discovery in large codebases remains challenging: traditional static analysis produces high false-positive rates, while dynamic approaches such as fuzzing require substantial infrastructure and often target narrow classes of bugs. Recent advances in large …