AINeutralarXiv – CS AI · Jun 256/10
🧠A systematic analysis of AI code generation security reveals that while models understand secure coding principles theoretically, they frequently fail to implement them correctly in practice. The research identifies substantial gaps between knowledge and execution, offering a framework to measure progress and suggesting principle-guided approaches as a path forward.
AINeutralarXiv – CS AI · Jun 256/10
🧠Researchers propose a decoupled evaluation framework for testing LLM-based penetration testing agents by separating reconnaissance from exploitation tasks. The study reveals significant capability gaps: agents achieve 90% success with accurate vulnerability context but only 50% autonomous reconnaissance performance, with distinct strengths across different architectural designs.
AIBullisharXiv – CS AI · Jun 236/10
🧠CNnotator, an LLM-powered tool, automatically generates memory safety annotations for legacy C code by synthesizing specifications that help identify security vulnerabilities. OpenAI's o3 model achieved 90% first-attempt success rates, suggesting AI-assisted code annotation is becoming practical for real-world systems migration and security analysis.
🏢 OpenAI🧠 GPT-4🧠 o1
AIBullisharXiv – CS AI · Jun 236/10
🧠Revelio is a new AI-powered framework that detects memory safety vulnerabilities in large codebases using large language models combined with executable proof-of-concept generation and deterministic sanitizer verification. The system discovered 19 previously unknown vulnerabilities in production projects while maintaining cost-efficiency, addressing the hallucination problem endemic to LLM-based security analysis.
AINeutralarXiv – CS AI · Jun 236/10
🧠Researchers empirically test whether host intrusion detection systems trained on syscall traces can generalize across different CVE exploits within the same Common Weakness Enumeration class. Results show CWE-level generalization works for some weakness families (achieving F1=0.6976 for authentication flaws) but fails for others, with cross-CVE transfer heavily dependent on source profile breadth rather than weakness classification.
AINeutralarXiv – CS AI · Jun 236/10
🧠AXE, a multi-agent AI framework, improves vulnerability exploitation detection by leveraging minimal metadata like CWE classifications and code locations, achieving 30% success rates—3x better than existing black-box approaches. The system generates actionable proof-of-concept exploits to help software maintainers validate and prioritize security findings more efficiently.
AIBearisharXiv – CS AI · Jun 116/10
🧠Researchers empirically tested whether open-source LLM-based AI agents can replace traditional Static Application Security Testing (SAST) tools like Bandit. The study found that current general-purpose open-source models underperform specialized security tools, suggesting agentic AI is not yet ready for autonomous vulnerability detection in real-world conditions.
AI × CryptoBullishDecrypt · Jun 66/10
🤖Advanced AI models are increasingly being deployed as bug-finding tools to identify security vulnerabilities in technology systems, with recent applications extending to cryptocurrency projects like Zcash. This development demonstrates AI's practical utility in enhancing security across digital infrastructure, though it raises questions about the implications for bug bounties and vulnerability disclosure processes.
AINeutralarXiv – CS AI · Jun 56/10
🧠Researchers demonstrate 'abliteration,' a technique that removes safety guardrails from code-generating AI models to enable them to synthesize vulnerable code for security research. The method successfully bypasses refusal mechanisms while preserving code generation capability, revealing that safety alignment and technical ability are separable properties in large language models.
AINeutralarXiv – CS AI · Jun 46/10
🧠Researchers conducted a reproducibility study of Vul-RAG, a RAG-based framework for detecting software vulnerabilities using LLMs, and found that while results are reproducible with open-weight models, performance plateaus around 0.30 pairwise accuracy regardless of model sophistication. The findings suggest that simply scaling up model capacity does not substantially improve vulnerability detection capabilities.
AIBullisharXiv – CS AI · May 126/10
🧠Researchers introduce VulTriage, an LLM-based framework that enhances vulnerability detection in source code through triple-path context augmentation combining control flow analysis, vulnerability knowledge retrieval, and semantic summarization. The approach achieves state-of-the-art results on benchmark datasets and demonstrates strong generalization to low-resource scenarios.
AINeutralThe Verge – AI · May 116/10
🧠OpenAI launched Daybreak, a security-focused AI initiative that proactively detects and patches software vulnerabilities using its Codex Security AI agent. The announcement directly follows Anthropic's release of Claude Mythos, positioning the two AI leaders in a competitive race to establish dominance in the emerging cybersecurity AI market.
🏢 OpenAI🏢 Anthropic🧠 Claude
AIBullishDecrypt – AI · May 116/10
🧠OpenAI has launched Daybreak, an AI-powered initiative designed to help organizations identify software vulnerabilities and enhance cybersecurity defenses. This move reflects the broader trend of AI companies expanding into enterprise security solutions, positioning artificial intelligence as a critical tool for identifying and mitigating cyber threats.
🏢 OpenAI
AIBullishArs Technica – AI · May 76/10
🧠Mozilla has validated AI-assisted bug discovery through its partnership with Mythos, which identified 271 vulnerabilities in Firefox with minimal false positives. The organization's endorsement signals growing confidence in AI tools for security vulnerability detection, representing a shift in how major software developers approach quality assurance.
AINeutralarXiv – CS AI · May 46/10
🧠Semia is a static auditor for LLM-driven agent skills that uses constraint-guided synthesis to analyze security risks in hybrid code-and-prose configurations. Testing 13,728 real-world skills from public marketplaces, Semia identified critical semantic vulnerabilities in over half and achieved 97.7% recall, significantly outperforming existing security tools.
AINeutralcrypto.news · Apr 116/10
🧠OpenAI and Anthropic are escalating competition in AI-powered cybersecurity, with OpenAI finalizing a commercial security product for limited partner deployment while Anthropic operates Project Glasswing, a controlled initiative focused on discovering critical software vulnerabilities. This competitive race signals that both AI labs view cybersecurity as a strategically important application area with commercial and defensive value.
🏢 OpenAI🏢 Anthropic
AIBullisharXiv – CS AI · Mar 96/10
🧠Researchers developed SecureRAG-RTL, a new AI framework that uses Retrieval-Augmented Generation to detect security vulnerabilities in hardware designs. The system improves detection accuracy by 30% on average across different LLM architectures and addresses the challenge of limited hardware security datasets for AI training.
AIBullishOpenAI News · Mar 65/10
🧠Codex Security, an AI-powered application security agent, has launched in research preview to help developers detect, validate, and patch complex vulnerabilities. The tool analyzes project context to provide more accurate security assessments with reduced false positives.
AIBullisharXiv – CS AI · Mar 37/1010
🧠Researchers developed a new inference-time safety mechanism for code-generating AI models that uses retrieval-augmented generation to identify and fix security vulnerabilities in real-time. The approach leverages Stack Overflow discussions to guide AI code revision without requiring model retraining, improving security while maintaining interpretability.
AI × CryptoBearishCoinTelegraph – AI · Mar 37/107
🤖OpenZeppelin discovered significant flaws in OpenAI's EVMbench dataset, including data contamination from training leaks and at least four incorrectly classified high-severity vulnerabilities. This finding raises concerns about the reliability of AI tools used for blockchain security auditing.
AIBullisharXiv – CS AI · Mar 27/1015
🧠Researchers have developed Vul2Safe, a new framework for generating secure code using large language models, which addresses security vulnerabilities through self-reflection and token-level reinforcement learning. The approach introduces the PrimeVul+ dataset and SRCode training framework to provide more precise optimization of security patterns in code generation.
AIBullisharXiv – CS AI · Mar 26/1012
🧠Researchers developed Hybrid Class-Aware Selective Replay (Hybrid-CASR), a continual learning method that improves AI-based software vulnerability detection by addressing catastrophic forgetting in temporal scenarios. The method achieved 0.667 Macro-F1 score while reducing training time by 17% compared to baseline approaches on CVE data from 2018-2024.