Knostic's OpenAnt, the first and leading open source LLM vulnerability discovery project, is now on arXiv.
Traditional static analysis produces too many false positives. Fuzzing requires significant infrastructure and covers a narrow class of bugs. LLMs can reason semantically about code, but applying them at repository scale introduces real problems: context management, cost, and verification.
OpenAnt is our answer to that.
The paper, written by researcher Nahum Korda and Knostic co-founder Gadi Evron, describes a multi-stage pipeline that combines static program analysis with LLM-based reasoning. Three techniques drive it:
Evaluated on OpenSSL, WordPress, and Flowise, the system identifies previously unknown vulnerabilities while keeping costs manageable and false positives substantially reduced.
→ Read the paper: arxiv.org/abs/2606.19149
→ Get the tool: github.com/knostic/OpenAnt
→ Free scan for your open source project: knostic.ai/blog/oss-scan
→ OpenAnt managed waitlist: knostic.ai/openant
If you'd like to secure your agents, coding assistants, and their supply chain — extensions, skills, MCP servers, and more — see what we do at Knostic.