Mobile Hacking Conference Talks

SAST-Genius: A hybrid LLM framework for code scanning and security

By Vaibhav Agrawal

Static Application Security Testing (SAST) has long served as a foundation for the "shift-left" approach in cybersecurity, but it often produces large volumes of false positives that drain engineering time and resources.

Concurrently, Large Language Models (LLMs) have rapidly emerged as transformative tools in code and software engineering. But LLMs on their own can be slow and unpredictable.

We merged the speed of SAST with the context understanding and reasoning of LLMs for code scanning and security, and the results were very interesting.

We will walk through our experimental framework applied across 25 open-source projects, demonstrating how this synergy resulted in a 91% reduction in false positives.

Attendees will leave with a practical understanding of how to balance traditional security heuristics with generative AI to build a more accurate code scanning pipeline.

Bio

Vaibhav Agrawal

Vaibhav Agrawal is a senior security engineer at Google specializing in software, mobile and AI/Large language model (LLM) security. He currently leads security for the Fitbit ecosystem and has also led security for the Google Home division.

His responsibilities include security architecture, design reviews, and driving security testing initiatives that safeguard critical business assets containing the data of millions of users.

Beyond his corporate role, Vaibhav is a dedicated contributor to the open-source community, a volunteer, and a speaker at international security conferences such as BSides.