Vulnhuntr, a static code analyzer using large language models (LLMs), discovered over a dozen zero-day vulnerabilities in popular open-source AI projects on Github (over 10,000 stars) within hours.  These vulnerabilities include Local File Inclusion (LFI), Cross-Site Scripting (XSS), Server-Side Request Forgery (SSRF), Remote Code Execution (RCE), Insecure Direct Object Reference (IDOR), and Arbitrary File Overwrite (AFO).  Vulnhuntr is a security tool that utilizes Large Language Models (LLMs) to discover remotely exploitable vulnerabilities in Python codebases, which overcomes limitations of context window size in LLMs by analyzing code in small chunks and intelligently requesting relevant parts.  entire call chain It then reconstructs the call chain from user input to server output to confirm vulnerabilities by employing various prompt engineering techniques to guide the LLM toward a comprehensive analysis.  While currently limited to Python and focusing on specific vulnerabilities, it offers a significant improvement over static code analyzers in identifying complex multi-step vulnerabilities with minimized false positives and negatives. Researchers explored retrieving Augmented Generation (RAG) and fine-tuning large language models (LLMs) to identify vulnerability call chains in code.  MyClass code RAG proved inaccurate due to ambiguity in function names, while fine-tuning models yielded high false positives and struggled with multi-file vulnerabilities, while static parsing, particularly for dynamically typed languages like Python, presented challenges due to runtime modifications and limitations of static analysis tools.  The solution involved providing the LLM with the exact line of code where a function is called, along with the function name, which allows for targeted file and function location within the project, improving call chain accuracy.  The slight variation turns it from blind SSRF into nonblind SSRF.

Source: GBHackers