Bug Hunting With LLMs: Expert Tool Seeks More 'True' Flaws
bankinfosecurity
Open Source 'Vulnhalla' Promises 'Up to 96% Reduction in False Positives'
Mathew J. Schwartz (euroinfosec) • February 6, 2026

Every profession has its impossible dream. For software development, it's using artificial intelligence tools to automatically find, fix and help remediate code flaws.
Experts have found AI bug hunting so far to be doable only in very narrow and specific circumstances. But a new open source tool for vulnerability hunting called Vulnhalla may bring the impossible dream closer to realization, according to first results from experienced security researchers.
Developed by researchers at CyberArk Labs, Vulnhalla marries automated analysis of code for security flaws with a large language model, using a process called "guided questioning" to help an experienced code reviewer more quickly identify and review potential flaws. Its name is a derivation of the Norse mythological ...

