OpenAnt: LLM-Powered Vulnerability Discovery Through Code Decomposition, Adversarial Verification, and Dynamic Testing
- company Apache
- lab OpenAnt
- location arXiv
- location arXivLabs
- model OpenAnt
- product Flowise
- product OpenSSL
- product WordPress
A new open-source system called OpenAnt uses large language models to find previously unknown vulnerabilities in large codebases, its creators report. The system combines static analysis with LLM reasoning and automated exploit testing to cut false positives while keeping costs manageable [1]. The system, detailed in a paper posted to arXiv, introduces a multi-stage pipeline that first decomposes a codebase into self-contained analysis units. It filters these units by reachability from external entry points, a step that reduces the analysis surface by up to 97% while preserving attack-relevant code [1]. This decomposition addresses a core challenge of applying LLMs to repository-scale security work: the models struggle with context management and incur high costs when fed entire codebases [2]. After decomposition, candidate vulnerabilities pass through adversarial verification. The language model simulates a remote attacker operating under realistic constraints — browser-only access, no server-side privileges, and no administrative credentials — and must reason about concrete exploitation paths while accounting for barriers such as authentication mechanisms and input validation [3]. Findings that survive this stage then undergo dynamic verification. The system automatically constructs vulnerability-specific exploit environments from first principles, including attack code and monitoring components, executes them in sandboxed Docker containers, and discards all artifacts afterward [4]. This ephemeral execution design produces concrete evidence of exploitability without maintaining a persistent library of exploit templates [4]. The researchers evaluated OpenAnt on widely used open-source projects including OpenSSL, WordPress, and Flowise [1]. The architecture identified previously unknown vulnerabilities while substantially reducing false positives compared to traditional static analysis, which is known for high false-positive rates [2]. Dynamic approaches such as fuzzing, by contrast, require substantial infrastructure and often target narrow classes of bugs [2]. OpenAnt is released under the Apache 2.0 license and its source code is publicly available on GitHub [1]. The release adds to a growing body of work on automated proof-of-concept generation. Other recent systems, such as AnyPoC, have explored multi-agent frameworks that decompose PoC generation into specialized agents for analysis, generation, and validation, with self-evolving knowledge bases to adapt to different codebases [6]. Similarly, PoVSmith has demonstrated agent-based generation of proof-of-vulnerability tests as JUnit tests, using iterative self-critique loops to refine outputs [5]. The OpenAnt authors argue that closed-loop vulnerability discovery pipelines — those combining semantic reasoning with exploit validation — provide a practical path toward scalable automated security analysis [1].
commentarysafety-researchtool-releasemodel-releaseresearch-paper
Background sources we checked (10)
- arxiv.org ↗ Automated vulnerability discovery in large codebases remains challenging: traditional static analysis produces high false-positive rates, while dynamic approaches such as fuzzing require substantial infrastructure and often target narrow classes of bugs. Recent advances in large …
- arxiv.org ↗ We present OpenAnt, an open-source vulnerability discovery system that integrates static program analysis with LLM-based reasoning in a multi-stage pipeline. OpenAnt introduces three key techniques. First, codebases are decomposed into self-contained analysis units filtered by re…
- arxiv.org ↗ We present OpenAnt, an open-source vulnerability discovery system that integrates static program analysis with LLM-based reasoning in a multi-stage pipeline. OpenAnt introduces three key techniques. First, codebases are decomposed into self-contained analysis units filtered by re…
- arxiv.org ↗ bridge the gap between ... ’ need and current tool limitation, we introduce PoVSmith, an approach to generate PoV tests as JUnit tests customized for Java ... Figure 2, PoVSmith has four phases: call path analysis, PoV test generation, test execution, and test evaluation. ... Giv…
- arxiv.org ↗ To tackle these challenges, we present AnyPoC, a novel multi-agent framework for automated PoC generation with a self-evolving knowledge base (KB), detailed in § 4. We carefully decompose the PoC generation task into several dedicated agents: analyzer, generator, validator, and k…
- arxiv.org ↗ Technical Debt (TD) refers to the long-term costs incurred when developers prioritize short-term delivery over quality-improving work. Architectural Technical Debt (ATD) arises when architectural decisions (e.g., technology choices, patterns, or decomposition) prioritize near-ter…
- arxiv.org ↗ The primary goal of bug prediction is to optimize testing efforts by focusing on software fragments, i.e., classes, methods, commits (JIT), or lines of code, most likely to be buggy. However, these predicted fragments already contain bugs. Thus, the current bug prediction approac…
- arxiv.org ↗ In issue tracking systems, each bug is assigned a priority level (e.g., Blocker, Critical, Major, Minor, or Trivial in JIRA from highest to lowest), which indicates the urgency level of the bug. In this sense, understanding bug priority changes helps to arrange the work schedule …
- arxiv.org ↗ In this manuscript, we introduce a semi-automatic scene graph annotation tool for images, the GeneAnnotator. This software allows human annotators to describe the existing relationships between participators in the visual scene in the form of directed graphs, hence enabling the l…
- arxiv.org ↗ Wax is what you put on a surfboard to avoid slipping. It is an essential tool to go surfing... We introduce WAX-ML a research-oriented Python library providing tools to design powerful machine learning algorithms and feedback loops working on streaming data. It strives to complem…