
Travis Lowe
Cloud Security Research
CrowdStrike
About
Travis spends most of his days working in the cloud/container/Kubernetes security space. He has worked in security for ~15 years. Most importantly, he is one of the select few individuals to be recognized with an official certification from Microsoft as a Microsoft Office User Specialist in Microsoft Access 2000.
Sessions
Agent Provocateurs: Lessons from Building an AI-Assisted Vulnerability Research Pipeline
What you will learn:
Vulnerability research is an extremely labor-intensive discipline in cybersecurity. Modern software poses a significant challenge, with codebases encompassing millions of lines and complex, fast-evolving attack surfaces that outpace manual analysis. Consequently, traditional vulnerability research faces a difficult choice: either conduct deep analysis over a narrow scope or achieve shallow coverage across a broad attack surface. Large Language Models (LLMs) show great promise due to their remarkable capabilities in code comprehension, pattern recognition, and technical reasoning. However, a naive application of LLMs to security research often yields unreliable results. Models may hallucinate vulnerabilities, overlook essential context, or fail to rigorously validate their findings. The central issue is not whether AI can aid vulnerability research, but rather how to structure that assistance to genuinely enhance human expertise without replacing human judgment. In this talk we will share our journey, which started with creating a reliable autonomous software development infrastructure, and how we applied what we learned to create a nearly fully automated vulnerability research and exploit development platform that also creates actionable detections for our product.