An Exciting New Chapter in Security Research

Samuel Page


How AI is reshaping vulnerability research and the future of system security

I've written my fair share of blog posts, but I think this is the first one about me - it's surprisingly harder than writing about kernel internals. From a young age I've been interested in computers and understanding how they work, so security research for me was a natural progression - you get to enjoy the process of learning how something works and then the reward of exercising that knowledge by trying to poke holes in it.

I was very fortunate to figure out how much I enjoyed this early on; since then I've spent my career trying to understand and break complex systems, focusing on OS internals - Linux/Android, iOS, embedded systems and dare I say it, even some Windows (forgive me).

However, security research is more than just a fun job; it's one that can have real impact. Vulnerabilities, when exploited by malicious actors, have the ability to affect the real world and real people. To be able to work in a space where we can help stop that, and have fun in the process, is pretty cool if you ask me.

A Changing Security Landscape

The industry is constantly changing - attackers and defenders have to evolve, as they play out this cat-and-mouse game of system security. The use of Large Language Models (LLMs) in security feels like another step in this evolution.

In some ways it reminds me of fuzzing and how that changed the security landscape. For example, when syzbot, an automated system for fuzzing the Linux kernel at scale, debuted in ~2017, it quickly generated large volumes of bugs. This required both maintainers and researchers to adapt to at-scale fuzzing. Now, syzbot is a valuable tool in the Linux development cycle and security researchers are still finding vulnerabilities in the kernel - by extending and tuning their own fuzzers or finding complex bugs that fuzzers struggle to find.

LLMs in Security Research

We're seeing a similar surge in vulnerability reports now, driven by LLM adoption into security research workflows, much like fuzzing. In fact, in my other tab right now, I have a dashboard for our internal LLM-driven pipeline at Bynario - recently it successfully discovered, validated via proof-of-concept and patched a kernel use-after-free (don't worry, I'm sure I'll post about it at some point too!).

Like fuzzers, they can generate a lot of noise if fired blindly at a target - hallucinated bugs, inflating non-security issues, and exploring unreachable paths [1]. Not to mention the fact that inefficiencies in how LLMs are tasked cost time and money, hindering scaling workflows.

However, also like fuzzers, we can use our domain expertise to tune and guide LLMs - via specialised harnesses, prompting, context management - to reduce noise, decrease inefficiencies and distil our experience as security researchers.

That said, I'm not saying LLMs are just natural language fuzzers; there's certainly more nuance than that and they no doubt bring with them new challenges and possibilities.

A key skill, in my opinion, for security research is curiosity, and while LLMs may not be as curious, they do encourage curiosity and experimentation; ideas that may previously have been put off due to time constraints can be implemented at a moment's notice.

That rapid development is a double-edged sword though, as we're seeing more and more production code being deployed with minimal or no human review; the long-term impact this will have on code security remains to be seen.

Looking Ahead at Bynario

It seems clear to me we're at another turning point in the cat-and-mouse game of security and I'm excited to be able to work at the intersection of AI and security with Bynario.

As Head of Vulnerability Research, I look forward to leading efforts in this space with a strong team, exploring how AI - combined with deep domain expertise - can be leveraged to tackle complex security problems autonomously and at scale.

At Bynario, our goal is not just to find vulnerabilities, but to help improve the security of the systems we rely on every day. By combining autonomous approaches with domain expertise, we aim to reduce the gap between discovery and remediation, helping teams prioritise real security issues over noise and ultimately raising the baseline of software security.



BYNARIO s.r.l. | PIAZZA BORROMEO 12, 20129 MILAN, ITALY | VAT- IT14434720968

all rights reserved

2026
