Finding Security Bugs in OSS with LLMs on a Budget
Nicholas Carlini discussed a method for automating the search for security vulnerabilities in code repositories using language models. He proposed a costly brute-force approach that, while effective, is not feasible for most open-source projects. An alternative, heuristic-based method was tested on the Umbraco-CMS project, yielding significant results at a fraction of the cost.
- Nicholas Carlini presented a technique for finding security vulnerabilities using Anthropic's Claude models.
- His brute-force method could cost around $40,000 for a large codebase like the Linux Kernel.
- A heuristic-based approach was tested on Umbraco-CMS, costing less than $20 and identifying 20 potential vulnerabilities.
Opening excerpt (first ~120 words)
Carlini-style software vulnerability hunting, on a budget
Finding Security Bugs in Umbraco-CMS with LLMs for 1% of the Cost
Nicholas Carlini did a talk a few weeks ago at [un]prompted 2026. In it, he describes how Anthropic have been using their Claude 4.5 & 4.6 series models to automate searching for security issues in repositories. He’s had some success, and managed to get a few new CVEs to his name with the technique. While novel, Carlini’s approach, as described, is an expensive way to search for bugs. I think that using a heuristics-based approach to pre-search the codebase for interesting files before hunting, we can reduce the cost of his technique by 99% or more, while retaining most of the benefits.
…
The full article is at Etive-mor.
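The pre-search idea in the excerpt, as an added example that is not code from the article or from Umbraco-CMS: a heuristic triage that scores each file by path and content hints and keeps only the highest-scoring files that fit a token budget, so the model reviews a fraction of the repository. The hint patterns and weights, the sample files and paths, and the four-characters-per-token estimate are all constructed assumptions for this example.

```python
import re
# Hypothetical heuristics (an assumption for this example, not the article's own):
# path fragments and code patterns that often mark C# web code handling untrusted
# input or privileged operations. The weights are arbitrary and meant to be tuned.
PATH_HINTS = {"controller": 3, "auth": 3, "upload": 3, "api": 2, "security": 2}
CONTENT_HINTS = {
    r"\bRequest\.(Query|Form|Headers)\b": 3,
    r"\[Http(Post|Put|Delete)\]": 2,
    r"\bSqlCommand\b|FromSqlRaw|ExecuteSqlRaw": 3,
    r"\bPath\.Combine\b|\bFile\.(Open|Read|Write)": 2,
    r"\[AllowAnonymous\]|Deserialize": 2,
}

def estimate_tokens(text: str) -> int:
    return max(1, len(text) // 4)  # rough: about four characters per token of source

def score_file(path: str, content: str) -> int:
    # Sum the weights of every path hint and content pattern that fires.
    score = sum(w for hint, w in PATH_HINTS.items() if hint in path.lower())
    return score + sum(w for pat, w in CONTENT_HINTS.items() if re.search(pat, content))

def triage(files: dict, token_budget: int):
    # Rank (score, tokens, path) tuples by score, smaller file first on ties, and keep
    # the best that fit the budget; zero-scored files are never sent to the model.
    cands = sorted(((score_file(p, c), estimate_tokens(c), p) for p, c in files.items()),
                   key=lambda t: (-t[0], t[1]))
    total = sum(t[1] for t in cands)
    selected, used = [], 0
    for score, tokens, path in cands:
        if score == 0:
            break
        if used + tokens <= token_budget:
            selected.append((score, tokens, path))
            used += tokens
    return selected, used, total  # (chosen files, tokens sent, tokens in whole repo)

# Constructed sample "repository"; the paths and code are made up for this example.
SAMPLE_REPO = {
    "src/Web/Controllers/MediaUploadController.cs": "[HttpPost]\npublic IActionResult "
        "Upload()\n{\n    var file = Request.Form.Files[0];\n"
        "    var dest = Path.Combine(_root, file.FileName);\n    return Ok();\n}\n",
    "src/Infrastructure/DocumentRepository.cs": "var cmd = new SqlCommand(sql, conn);\n",
    "src/Core/Models/Dog.cs": "public class Dog { public string Name { get; set; } }\n",
    "docs/README.md": "# Project\nSee the docs folder for setup instructions.\n",
}
if __name__ == "__main__":
    chosen, used, total = triage(SAMPLE_REPO, token_budget=200)
    for score, tokens, path in chosen:
        print(f"{score:3d} {tokens:4d} {path}")
    print(f"sending {used} of {total} tokens ({100 * used / total:.0f}%)")
```

On a real checkout you would walk the tree with `os.walk`, read each source file into the dict, and hand only the selected paths to the model; the ratio `used / total` is the cost saving the heuristics buy before any model call is made.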