AI-powered vulnerability detection & automated secure code fixing
The AI Secure Coding Advisor is an intelligent system that:
- Detects vulnerabilities in source code
- Explains why code is insecure
- Suggests secure fixes automatically
It combines:
- Static analysis
- Large Language Models (LLMs)
- Real-world datasets
The system provides context-aware security insights and targets vulnerability classes such as injection flaws, hardcoded secrets, and weak cryptography.
Modern development suffers from:
- Late vulnerability detection
- Static analysis tools that lack context
- High false-positive rates
This makes real threats hard to identify and fix efficiently.
The project's goals:
- Build a static analyzer with an LLM layer on top
- Train models on real-world datasets
- Provide a CLI tool
- Develop an IDE plugin
Data sources for training and evaluation:
- NIST datasets
- OWASP Benchmark
- Open-source repositories
Detection approach:
- AST-based static analysis
- Rule-based detection
- LLM reasoning
Deliverables:
- Python REST API
- CLI tool
- VS Code extension
Typical workflow:
- Open the CLI or the IDE plugin
- Select the code or project to analyze
- Start the analysis
- Receive a vulnerability report
- Select a finding
- View its details (vulnerability type, CWE, severity)
- Review the suggested fix
- Apply it manually or use auto-fix
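As an added illustration of the AST + rule-based detection layer and of the report that the workflow above produces (this is example code written for this page, not the project's own implementation), the following Python analyzer walks the AST of a constructed insecure snippet, applies three rules (a string literal assigned to a secret-looking name, a SQL query built by concatenation, f-string or str.format, and a weak hash from hashlib), and returns findings that carry the rule name, CWE, severity, line number and a suggested fix. The rule names, severity labels, name heuristics and the sample snippet are assumptions chosen for this example; the CWE identifiers are the standard ones for these weakness classes.

```python
import ast
from dataclasses import dataclass, asdict

# Constructed sample input (not real project code): deliberately insecure Python
# that exercises all three rules below.
SAMPLE_SOURCE = '''
import hashlib
import sqlite3

API_KEY = "sk_live_0123456789abcdef"

def get_user(conn, username):
    cur = conn.cursor()
    cur.execute("SELECT * FROM users WHERE name = '" + username + "'")
    return cur.fetchone()

def digest(password):
    return hashlib.md5(password.encode()).hexdigest()
'''


@dataclass
class Finding:
    """One report entry: what the workflow's 'View details' step shows."""
    rule: str
    cwe: str
    severity: str
    line: int
    message: str
    fix: str


# Assumed heuristics for this example; a real rule set would be far larger.
SECRET_NAME_HINTS = ("key", "secret", "token", "password", "passwd")
WEAK_HASHES = {"md5", "sha1"}


class RuleVisitor(ast.NodeVisitor):
    """Walks the AST once and applies each rule at the nodes it cares about."""

    def __init__(self):
        self.findings = []

    def visit_Assign(self, node):
        # Rule 1 (CWE-798): a string literal assigned to a secret-looking name.
        if isinstance(node.value, ast.Constant) and isinstance(node.value.value, str):
            for target in node.targets:
                if isinstance(target, ast.Name) and any(
                    hint in target.id.lower() for hint in SECRET_NAME_HINTS
                ):
                    self.findings.append(Finding(
                        rule="hardcoded-secret", cwe="CWE-798", severity="HIGH",
                        line=node.lineno,
                        message=f"'{target.id}' is assigned a string literal",
                        fix=f'{target.id} = os.environ["{target.id}"]  # or a secrets manager',
                    ))
        self.generic_visit(node)

    def visit_Call(self, node):
        func = node.func
        if isinstance(func, ast.Attribute):
            # Rule 2 (CWE-89): execute()/executemany() whose query text is built
            # by concatenation, an f-string or str.format instead of a constant.
            if func.attr in ("execute", "executemany") and node.args:
                query = node.args[0]
                formatted = isinstance(query, ast.Call) and isinstance(
                    query.func, ast.Attribute) and query.func.attr == "format"
                if isinstance(query, (ast.BinOp, ast.JoinedStr)) or formatted:
                    self.findings.append(Finding(
                        rule="sql-injection", cwe="CWE-89", severity="CRITICAL",
                        line=node.lineno,
                        message="SQL query text is assembled from variables",
                        fix='cur.execute("SELECT * FROM users WHERE name = ?", (username,))',
                    ))
            # Rule 3 (CWE-328): hashlib.md5 / hashlib.sha1.
            if (isinstance(func.value, ast.Name) and func.value.id == "hashlib"
                    and func.attr in WEAK_HASHES):
                self.findings.append(Finding(
                    rule="weak-hash", cwe="CWE-328", severity="MEDIUM",
                    line=node.lineno,
                    message=f"hashlib.{func.attr} is not collision-resistant",
                    fix="hashlib.sha256(...) for integrity; scrypt/bcrypt for passwords",
                ))
        self.generic_visit(node)


def analyze(source: str) -> list[Finding]:
    """Parse the source and return findings sorted by line (the report)."""
    visitor = RuleVisitor()
    visitor.visit(ast.parse(source))
    return sorted(visitor.findings, key=lambda f: f.line)


def report(source: str) -> list[dict]:
    """JSON-friendly form of the report, as a REST API or CLI would emit it."""
    return [asdict(f) for f in analyze(source)]


if __name__ == "__main__":
    for entry in report(SAMPLE_SOURCE):
        print(f"line {entry['line']}: [{entry['severity']}] {entry['cwe']} "
              f"{entry['rule']}: {entry['message']}\n    fix: {entry['fix']}")
```

Working on the AST rather than on regular expressions is what lets the SQL rule tell a constant query string (safe, not reported) from one assembled at runtime, which is the kind of context the page says plain static tools lack; the LLM layer described above would sit on top of findings like these to explain them and refine the suggested fix.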
Intended users:
- A developer receives real-time warnings
- A student learns why the code is insecure
- A junior developer gets auto-fix suggestions
- A security analyst sees risk scores
- A team lead triages findings as To-Do or Ignore
Technology stack:
- Backend: Python (Flask)
- Static Analysis: AST + rule-based analysis
- AI Layer: LLM integration
- IDE Plugin: VS Code (TypeScript)
- Data Sources: NIST, OWASP, GitHub
Future work:
- Full IDE integration
- Better LLM fine-tuning
- Real-time scanning
- Expanded CWE coverage
Team:
- Simon Pakhtusov
- Denis Rozhansky
Computer Science students, Bar-Ilan University
Unlike traditional tools, this system:
- Understands context
- Provides real fixes
- Reduces false positives
- Is designed for AI training and real-world use