y0news
AnalyticsDigestsSourcesTopicsRSSAICrypto

#vulnerability-detection News & Analysis

47 articles tagged with #vulnerability-detection. AI-curated summaries with sentiment analysis and key takeaways from 50+ sources.

47 articles
AINeutralarXiv – CS AI · Jun 256/10
🧠

SoK: AI Secure Code Generation: Progress, Pitfalls, and Paths Forward

A systematic analysis of AI code generation security reveals that while models understand secure coding principles theoretically, they frequently fail to implement them correctly in practice. The research identifies substantial gaps between knowledge and execution, offering a framework to measure progress and suggesting principle-guided approaches as a path forward.

AINeutralarXiv – CS AI · Jun 256/10
🧠

Decoupling Reconnaissance and Exploitation: Measuring the Capability Boundaries of LLM-Based Web Penetration Testing

Researchers propose a decoupled evaluation framework for testing LLM-based penetration testing agents by separating reconnaissance from exploitation tasks. The study reveals significant capability gaps: agents achieve 90% success with accurate vulnerability context but only 50% autonomous reconnaissance performance, with distinct strengths across different architectural designs.

AIBullisharXiv – CS AI · Jun 236/10
🧠

CNnotator: LLM-Guided Memory Safety Annotation Synthesis

CNnotator, an LLM-powered tool, automatically generates memory safety annotations for legacy C code by synthesizing specifications that help identify security vulnerabilities. OpenAI's o3 model achieved 90% first-attempt success rates, suggesting AI-assisted code annotation is becoming practical for real-world systems migration and security analysis.

🏢 OpenAI🧠 GPT-4🧠 o1
AIBullisharXiv – CS AI · Jun 236/10
🧠

Revelio: Cost-Efficient Agentic Memory Safety Vulnerability Detection For Repository-Scale Codebases

Revelio is a new AI-powered framework that detects memory safety vulnerabilities in large codebases using large language models combined with executable proof-of-concept generation and deterministic sanitizer verification. The system discovered 19 previously unknown vulnerabilities in production projects while maintaining cost-efficiency, addressing the hallucination problem endemic to LLM-based security analysis.

AINeutralarXiv – CS AI · Jun 236/10
🧠

From CVE to CWE: Syscall-Based HIDS Generalisation

Researchers empirically test whether host intrusion detection systems trained on syscall traces can generalize across different CVE exploits within the same Common Weakness Enumeration class. Results show CWE-level generalization works for some weakness families (achieving F1=0.6976 for authentication flaws) but fails for others, with cross-CVE transfer heavily dependent on source profile breadth rather than weakness classification.

AINeutralarXiv – CS AI · Jun 236/10
🧠

AXE: Grey-Box Exploitability Confirmation for Localized Vulnerability Reports

AXE, a multi-agent AI framework, improves vulnerability exploitation detection by leveraging minimal metadata like CWE classifications and code locations, achieving 30% success rates—3x better than existing black-box approaches. The system generates actionable proof-of-concept exploits to help software maintainers validate and prioritize security findings more efficiently.

AIBearisharXiv – CS AI · Jun 116/10
🧠

Can Open-Source LLM Agents Replace Static Application Security Testing Tools? An Empirical Assessment

Researchers empirically tested whether open-source LLM-based AI agents can replace traditional Static Application Security Testing (SAST) tools like Bandit. The study found that current general-purpose open-source models underperform specialized security tools, suggesting agentic AI is not yet ready for autonomous vulnerability detection in real-world conditions.

AI × CryptoBullishDecrypt · Jun 66/10
🤖

AI Is Helping Discover Tech Vulnerabilities—And Zcash Is Just the Latest Example

Advanced AI models are increasingly being deployed as bug-finding tools to identify security vulnerabilities in technology systems, with recent applications extending to cryptocurrency projects like Zcash. This development demonstrates AI's practical utility in enhancing security across digital infrastructure, though it raises questions about the implications for bug bounties and vulnerability disclosure processes.

AI Is Helping Discover Tech Vulnerabilities—And Zcash Is Just the Latest Example
AINeutralarXiv – CS AI · Jun 56/10
🧠

Willing but Unable: Separating Refusal from Capability in Code LLMs via Abliteration

Researchers demonstrate 'abliteration,' a technique that removes safety guardrails from code-generating AI models to enable them to synthesize vulnerable code for security research. The method successfully bypasses refusal mechanisms while preserving code generation capability, revealing that safety alignment and technical ability are separable properties in large language models.

AINeutralarXiv – CS AI · Jun 46/10
🧠

Revisiting Vul-RAG: Reproducibility and Replicability of RAG-based Vulnerability Detection with Open-Weight Models

Researchers conducted a reproducibility study of Vul-RAG, a RAG-based framework for detecting software vulnerabilities using LLMs, and found that while results are reproducible with open-weight models, performance plateaus around 0.30 pairwise accuracy regardless of model sophistication. The findings suggest that simply scaling up model capacity does not substantially improve vulnerability detection capabilities.

AIBullisharXiv – CS AI · May 126/10
🧠

VulTriage: Triple-Path Context Augmentation for LLM-Based Vulnerability Detection

Researchers introduce VulTriage, an LLM-based framework that enhances vulnerability detection in source code through triple-path context augmentation combining control flow analysis, vulnerability knowledge retrieval, and semantic summarization. The approach achieves state-of-the-art results on benchmark datasets and demonstrates strong generalization to low-resource scenarios.

AINeutralThe Verge – AI · May 116/10
🧠

OpenAI just released its answer to Claude Mythos

OpenAI launched Daybreak, a security-focused AI initiative that proactively detects and patches software vulnerabilities using its Codex Security AI agent. The announcement directly follows Anthropic's release of Claude Mythos, positioning the two AI leaders in a competitive race to establish dominance in the emerging cybersecurity AI market.

OpenAI just released its answer to Claude Mythos
🏢 OpenAI🏢 Anthropic🧠 Claude
AIBullishDecrypt – AI · May 116/10
🧠

OpenAI Launches Daybreak as AI Firms Expand Into Cybersecurity

OpenAI has launched Daybreak, an AI-powered initiative designed to help organizations identify software vulnerabilities and enhance cybersecurity defenses. This move reflects the broader trend of AI companies expanding into enterprise security solutions, positioning artificial intelligence as a critical tool for identifying and mitigating cyber threats.

OpenAI Launches Daybreak as AI Firms Expand Into Cybersecurity
🏢 OpenAI
AIBullishArs Technica – AI · May 76/10
🧠

Mozilla says 271 vulnerabilities found by Mythos have "almost no false positives"

Mozilla has validated AI-assisted bug discovery through its partnership with Mythos, which identified 271 vulnerabilities in Firefox with minimal false positives. The organization's endorsement signals growing confidence in AI tools for security vulnerability detection, representing a shift in how major software developers approach quality assurance.

Mozilla says 271 vulnerabilities found by Mythos have "almost no false positives"
AINeutralarXiv – CS AI · May 46/10
🧠

Semia: Auditing Agent Skills via Constraint-Guided Representation Synthesis

Semia is a static auditor for LLM-driven agent skills that uses constraint-guided synthesis to analyze security risks in hybrid code-and-prose configurations. Testing 13,728 real-world skills from public marketplaces, Semia identified critical semantic vulnerabilities in over half and achieved 97.7% recall, significantly outperforming existing security tools.

AINeutralcrypto.news · Apr 116/10
🧠

AI Cybersecurity Race: OpenAI Finalizes Product While Anthropic Runs Project Glasswing to Hunt Critical Vulnerabilities

OpenAI and Anthropic are escalating competition in AI-powered cybersecurity, with OpenAI finalizing a commercial security product for limited partner deployment while Anthropic operates Project Glasswing, a controlled initiative focused on discovering critical software vulnerabilities. This competitive race signals that both AI labs view cybersecurity as a strategically important application area with commercial and defensive value.

AI Cybersecurity Race: OpenAI Finalizes Product While Anthropic Runs Project Glasswing to Hunt Critical Vulnerabilities
🏢 OpenAI🏢 Anthropic
AIBullishOpenAI News · Mar 65/10
🧠

Codex Security: now in research preview

Codex Security, an AI-powered application security agent, has launched in research preview to help developers detect, validate, and patch complex vulnerabilities. The tool analyzes project context to provide more accurate security assessments with reduced false positives.

AIBullisharXiv – CS AI · Mar 37/1010
🧠

Inference-Time Safety For Code LLMs Via Retrieval-Augmented Revision

Researchers developed a new inference-time safety mechanism for code-generating AI models that uses retrieval-augmented generation to identify and fix security vulnerabilities in real-time. The approach leverages Stack Overflow discussions to guide AI code revision without requiring model retraining, improving security while maintaining interpretability.

AI × CryptoBearishCoinTelegraph – AI · Mar 37/107
🤖

OpenZeppelin finds data contamination in OpenAI’s EVMbench

OpenZeppelin discovered significant flaws in OpenAI's EVMbench dataset, including data contamination from training leaks and at least four incorrectly classified high-severity vulnerabilities. This finding raises concerns about the reliability of AI tools used for blockchain security auditing.

OpenZeppelin finds data contamination in OpenAI’s EVMbench
AIBullisharXiv – CS AI · Mar 27/1015
🧠

Learning to Generate Secure Code via Token-Level Rewards

Researchers have developed Vul2Safe, a new framework for generating secure code using large language models, which addresses security vulnerabilities through self-reflection and token-level reinforcement learning. The approach introduces the PrimeVul+ dataset and SRCode training framework to provide more precise optimization of security patterns in code generation.

AIBullisharXiv – CS AI · Mar 26/1012
🧠

Enhancing Continual Learning for Software Vulnerability Prediction: Addressing Catastrophic Forgetting via Hybrid-Confidence-Aware Selective Replay for Temporal LLM Fine-Tuning

Researchers developed Hybrid Class-Aware Selective Replay (Hybrid-CASR), a continual learning method that improves AI-based software vulnerability detection by addressing catastrophic forgetting in temporal scenarios. The method achieved 0.667 Macro-F1 score while reducing training time by 17% compared to baseline approaches on CVE data from 2018-2024.

← PrevPage 2 of 2