Source code auditing has traditionally relied on static analyzers that flag long lists of potential issues, leaving engineers to sort bugs from noise. A new open-source project from offensive-security firm SecureLayer7 takes a different route, using LLMs to read a codebase, trace how data moves through it, and produce working exploit code for the vulnerabilities it confirms. Their open-source tool, called Sandyaa, was released under an MIT license.

How the auditor operates

Sandyaa accepts either …
The post Sandyaa: Open-source autonomous security bug hunter appeared first on Help Net Security.