Talk at DevDay 2025
With AI for Accurate Code Analysis – Potentials of LLMs in SAST
About the talk
Tools for Static Analysis Security Testing (SAST) have long been a proven solution in the software development process thanks to their high degree of automation and comparatively low operating costs. Despite their popularity, these tools continue to face major challenges, in particular a high number of false alarms (false positives) and the tendency to overlook certain security gaps.
At mgm security partners, we are exploring how Large Language Models (LLMs) can help overcome these weaknesses. Our research focuses on two key areas:
- Filtering False Alarms: LLMs can intelligently review SAST results and filter out false alarms. This allows security teams to focus on the relevant findings.
- Recognizing What SAST Overlooks: Through the contextual understanding of LLMs, we are also testing the extent to which they themselves can be used as a new type of SAST solution for discovering security problems that conventional tools often overlook.
We recently presented our progress to date at DevDay 2025, an annual tech community event in Da Nang, Vietnam. Our session had over 40 participants, including IT professionals from various software companies and students from local technical colleges. It was a great opportunity to exchange ideas and get valuable feedback from the community.
We look forward to further exploring the boundaries of AI in cybersecurity and are excited to see where this technology will lead us.
Stay tuned for more insights into our research!
