2026 Project
VulnSeeker: CodeQL and LLM Security Analysis
An automated security analysis pipeline that combines CodeQL static analysis and LLM-based vulnerability judgement.
VulnSeeker explores how static program analysis and LLM reasoning can be combined for automated security assessment.
Key components:
- CodeQL-based vulnerability detection;
- automated expansion of relevant external function context;
- prompt workflows for CodeQL and LLM interaction;
- structured security judgement states;
- combined assessment from static rules and model classification.
This project is relevant to AI security applications because it connects research ideas with a practical code-analysis workflow.