Knostic's OpenAnt, the first and leading open source LLM vulnerability discovery project, is now on arXiv.
Traditional static analysis produces too many false positives. Fuzzing requires significant infrastructure and covers only a narrow class of bugs. LLMs can reason semantically about code, but applying them at repository scale introduces real problems: context management, cost, and verification.
OpenAnt is our answer to that.
The paper, written by researcher Nahum Korda and Knostic co-founder Gadi Evron, describes a multi-stage pipeline that combines static program analysis with LLM-based reasoning. Three techniques drive it:
- Decomposing codebases into reachability-filtered analysis units (reducing the attack surface by up to 97%).
- Adversarial verification that simulates exploitability under realistic attacker constraints.
- Dynamic validation that generates exploit environments in sandboxed containers and discards them after use.
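To make the first technique concrete, here is an added illustration (not OpenAnt's code, and not taken from the paper) of what reachability filtering over a call graph looks like: only functions that untrusted input can reach from an entry point are kept as analysis units, and each kept unit carries the call path that reached it, which is what a later verification stage needs to reason about. It assumes a call graph has already been extracted by some static tool; the graph, function names and entry point below are constructed for the example.

```python
"""Reachability-filtered analysis units over a call graph.

Added example of the idea described in the post; not OpenAnt's own code.
Assumes a caller->callee graph is already available from a static
analysis pass. Graph, names and entry points are constructed here.
"""
from collections import deque

# Constructed call graph: function -> list of functions it calls.
# It deliberately contains a cycle (db_query <-> retry_query) and code
# that no untrusted entry point reaches (admin CLI, dead code, tests).
CALL_GRAPH = {
    "http_handle_request": ["parse_query", "render_page"],
    "parse_query": ["url_decode", "lookup_user"],
    "url_decode": [],
    "lookup_user": ["db_query"],
    "db_query": ["log_debug", "retry_query"],
    "retry_query": ["db_query"],
    "render_page": ["escape_html", "log_debug"],
    "escape_html": [],
    "log_debug": [],
    "cli_admin_tool": ["rotate_keys"],
    "rotate_keys": ["db_query"],
    "dead_legacy_export": ["db_query"],
    "unit_test_helper": ["escape_html"],
}

# Constructed: the entry points that receive attacker-controlled input.
UNTRUSTED_ENTRY_POINTS = ["http_handle_request"]


def analysis_units(graph, entry_points):
    """Return {function: shortest call path from an untrusted entry point}
    for every function reachable from those entry points.

    Breadth-first search over the call graph; the `parent` map doubles as
    the visited set, so cycles in the graph terminate.
    """
    parent = {ep: None for ep in entry_points}
    queue = deque(entry_points)
    while queue:
        fn = queue.popleft()
        for callee in graph.get(fn, []):
            if callee not in parent:
                parent[callee] = fn
                queue.append(callee)

    units = {}
    for fn in parent:
        path, cur = [], fn
        while cur is not None:        # walk parents back to the entry point
            path.append(cur)
            cur = parent[cur]
        units[fn] = list(reversed(path))
    return units


def reduction_percent(graph, entry_points):
    """Share of functions dropped from the expensive analysis stage."""
    total = len(graph)
    kept = len(analysis_units(graph, entry_points))
    return round(100.0 * (total - kept) / total, 1)


if __name__ == "__main__":
    units = analysis_units(CALL_GRAPH, UNTRUSTED_ENTRY_POINTS)
    for fn, path in sorted(units.items()):
        print(f"{fn:22s} via {' -> '.join(path)}")
    print(f"dropped {reduction_percent(CALL_GRAPH, UNTRUSTED_ENTRY_POINTS)}% of functions")
```

The reduction figure this toy graph yields depends entirely on its shape; the point is the mechanism, not the percentage. Functions such as `dead_legacy_export` and `cli_admin_tool` still call sensitive code but never see attacker input through the modelled entry points, so they are excluded, and the path recorded for `db_query` is the trace a verification stage would have to argue along.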
Evaluated on OpenSSL, WordPress, and Flowise, the system identifies previously unknown vulnerabilities while keeping costs manageable and false positives substantially reduced.
→ Read the paper: arxiv.org/abs/2606.19149
→ Get the tool: github.com/knostic/OpenAnt
→ Free scan for your open source project: knostic.ai/blog/oss-scan
→ OpenAnt managed waitlist: knostic.ai/openant
If you'd like to secure your agents, coding assistants, and their supply chain — extensions, skills, MCP servers, and more — see what we do at Knostic.