Goshawk is a static analyze tool to detect memory corruption bugs in C source codes. It utilizes NLP to infer custom memory management functions and uses data flow analysis to abstract their behavi…

A security scanner for your LLM agentic workflows

A lightweight, continuously-updated catalog of research papers on AI agents.

Model Context Protocol(MCP) 编程极速入门

YASA-UAST is an intermediate representation structure for multi-language program analysis. The UAST-Parser parses code from different programming languages into a unified abstract syntax format.

Using SVF in Python Projects

a greybox fuzzer compatible with AFL-like instrumentations written in Python

An autonomous LLM-agent for large-scale, repository-level code auditing

Fusing automated UI testing with scripts for effectively fuzzing Android apps

Framework for Automating Fuzzable Target Discovery with Static Analysis.

CKGFuzzer: LLM-Based Fuzz Driver Generation Enhanced By Code Knowledge Graph

SWE-agent takes a GitHub issue and tries to automatically fix it, using your LM of choice. It can also be employed for offensive cybersecurity or competitive coding challenges. [NeurIPS 2024]

A reading list for MLSecOps!

A lightweight monitoring tool that leverages OS-level strace alongside Python audit hooks to detect sensitive operations during ML model execution.

🙌 OpenHands: Code Less, Make More

Dafny is a verification-aware programming language

The Rocq Prover is an interactive theorem prover, or proof assistant. It provides a formal language to write mathematical definitions, executable algorithms and theorems together with an environmen…

A curated list of awesome resources about LLM supply chain security (including papers, security reports and CVEs)

Static analyzer for C/C++ based on the theory of Abstract Interpretation.

Property-based Testing for Mobile GUI Apps

DiverseVul: A New Vulnerable Source Code Dataset for Deep Learning Based Vulnerability Detection (RAID 2023) https://surrealyz.github.io/files/pubs/raid23-diversevul.pdf

Reverse Engineering: Decompiling Binary Code with Large Language Models

A GPT-empowered penetration testing tool

A language for constraint-guided and efficient LLM programming.

aider is AI pair programming in your terminal

UBGen can generate programs with undefined behaviors (e.g., buffer-overflow, use-after-free, etc.)