Research
Chai: Agentic Discovery of Cryptographic Misuse Vulnerabilities Without Instrumentation
AI-assisted vulnerability discovery works well for classes like memory safety where instrumentation confirms violations and filters false positives, but cryptographic misuse lacks any comparable signal. Chai is an AI system that discovers and validates crypto-misuse vulnerabilities using naturally occurring signals rather than runtime instrumentation. It extends agentic vuln-hunting to a dangerous bug class that has resisted automation, relevant to anyone building security-review agents.
↳ Follow the thread