We use only essential, cookie‑free logs by default. Turn on analytics to help us improve. Read our Privacy Policy.
Kenaz
Back to case studies
SecurityCode AnalysisLLMDevOpsCompliance

AI-Powered Security Scanner with 85% False Positive Reduction

Multi-layer vulnerability detection combining static analysis with LLM validation for enterprise code review.

Software SecurityOngoingSwiss AI Consultancy

Key Results

85% false positive reduction
4 languages supported
60+ page professional reports
SOC2/HIPAA/PCI-DSS mapping
Services Used:Technical Due DiligenceAI Integration

The Problem

Security scanning tools generate noise. A typical scan produces 200+ findings where 60% are false positives: test files, build artifacts, sanitized code flagged as vulnerable.

Manual triage takes hours. Developers ignore reports. Real vulnerabilities hide in the noise.

Existing solutions fall short:

  • SAST tools — High false positive rate, no context understanding
  • AI wrappers — Send your code to cloud (IP risk), shallow analysis
  • Manual review — Expensive, doesn't scale

The Solution

Multi-layer security scanner combining static analysis with AI-powered validation. The architecture processes code through four stages: parsing to intermediate representation, static scanning, heuristic filtering, and LLM validation.

The LLM layer doesn't just classify — it generates proof-of-concept exploits and validated fixes.

Technical Approach

Tree-sitter IR Engine parses code into intermediate representation for cross-file taint analysis. Tracks data flow from user input (sources) to dangerous functions (sinks).

Heuristic Filter eliminates 85% of false positives before AI sees them — build artifacts, test files with mock data, already-sanitized code patterns, framework-generated boilerplate.

LLM Intelligence Layer processes each finding that passes filters: generates proof-of-concept exploit, validates if exploit actually works, produces tested fix with explanation, maps to CWE/OWASP/compliance frameworks.

Multi-model routing directs different tasks to optimal models — Claude for architecture analysis and strategic recommendations, GPT-4 for executive summaries and business impact, Qwen for code-level exploitation scenarios.

What Gets Detected

The system covers comprehensive vulnerability categories across multiple languages:

Injection attacks — SQL injection, XSS, command injection, SSTI with Tree-sitter taint analysis and LLM exploit verification.

Authorization issues — IDOR detection through authorization check analysis and endpoint mapping.

Data handling — Secrets detection with pattern matching, entropy analysis, and context validation. Deserialization vulnerabilities in Pickle, YAML, XML parsers.

JavaScript-specific — Prototype pollution through object merge tracking.

Dependencies — CVE matching via OSV and npm audit.

Results

  • 85% false positive reduction compared to raw SAST output
  • 4 languages supported — Python, JavaScript/TypeScript, Java, PHP
  • 60+ page professional reports with executive summary, exploitation scenarios, remediation roadmap
  • Compliance mapping to SOC2, HIPAA, PCI-DSS frameworks

Why It Works

Precision over recall — better to miss edge cases than drown in false positives.

AI validates, doesn't guess — LLM sees only pre-filtered findings with full context.

Exploit-driven verification — if we can't generate a working PoC, it's probably not exploitable.

Cross-file awareness — real vulnerabilities often span multiple files.

This tool powers our Technical Due Diligence service for M&A and investment analysis.

Have a similar challenge?

Let's discuss how we can help. Free consultation, no obligations.

Book a Call