Conference:
IEEE International Conference on Cyber Security and Resilience (IEEE CSR 2026)
3-5 August 2026, Lisbon, Portugal
Authors:
Agbo E, Astekin M, Nguyen M, Goknil A.
Abstract:
Static Application Security Testing (SAST) tools are widely used in DevSecOps pipelines, but their effectiveness is often limited by brittle rule specifications, high false-positive rates, and limited contextual understanding of library and API usage. These challenges are particularly pronounced in dynamically typed languages such as Python, where manually curated source–sink specifications are difficult to maintain. We present Context Guardian, a hybrid vulnerability detection framework that integrates Large Language Models (LLMs) with static taint analysis to improve context-aware security analysis of Python applications. Context Guardian infers candidate source and sink nodes by analyzing import–attribute usage patterns extracted from the program’s abstract syntax tree and classifying them using LLM reasoning. A static taint analysis engine then discovers potential data flows, after which an LLM performs semantic triage to filter benign flows and retain high-confidence vulnerabilities. This design combines the scalability of static analysis with the contextual reasoning capabilities of LLMs. We evaluate Context Guardian on a benchmark of Python projects containing paired vulnerable and hardened implementations across four OWASP Top 10 injection-related weaknesses (CWE-78, CWE-79, CWE-89, and CWE-94). The results show that Context Guardian achieves higher precision, recall, and F1-score than three widely used SAST tools (CodeQL, Bandit, and Snyk) while substantially reducing false positives.
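The three-stage pipeline the abstract describes (collect import–attribute usage patterns from the program's AST, classify them as sources and sinks, then run a taint analysis over the discovered flows) as an added Python illustration. This is not the paper's or Context Guardian's code: a hand-written lookup table stands in for the LLM classification step, the taint engine handles straight-line function bodies only, the LLM triage stage is omitted, and the paired vulnerable and hardened snippets (a CWE-78 shell-command flow) are constructed inputs written for this example.

```python
"""Toy source/sink inference plus intra-procedural taint tracking over a Python AST.
Illustration only; not Context Guardian's implementation."""
import ast

# Stand-in for the LLM classification step (assumption: a fixed lookup table;
# the paper classifies the collected usage patterns with an LLM instead).
SOURCE_PATTERNS = {"flask.request"}               # attribute reads here are attacker-controlled
SINK_PATTERNS = {"os.system", "subprocess.call"}  # shell-command sinks (CWE-78)
SANITIZER_PATTERNS = {"shlex.quote"}              # calls whose result is treated as clean


def import_aliases(tree):
    """Map each local name to the fully qualified module attribute it imports."""
    aliases = {}
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for a in node.names:
                aliases[a.asname or a.name] = a.name
        elif isinstance(node, ast.ImportFrom):
            for a in node.names:
                aliases[a.asname or a.name] = f"{node.module}.{a.name}" if node.module else a.name
    return aliases


def qualified(node, aliases):
    """Resolve an attribute chain rooted at an import (e.g. `sp.call` -> `subprocess.call`)."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if not isinstance(node, ast.Name) or node.id not in aliases:
        return None  # rooted at a local variable, not at an import
    return ".".join([aliases[node.id]] + parts[::-1])


def collect_patterns(source_code):
    """Stage 1: the import-attribute usage patterns a classifier would be asked about."""
    tree = ast.parse(source_code)
    aliases = import_aliases(tree)
    calls = (n for n in ast.walk(tree) if isinstance(n, ast.Call))
    return sorted({q for q in (qualified(c.func, aliases) for c in calls) if q})


def is_source(node, aliases):
    q = qualified(node, aliases)
    return bool(q) and any(q == s or q.startswith(s + ".") for s in SOURCE_PATTERNS)


def is_tainted(expr, tainted, aliases):
    """Does this expression carry data derived from a source with no sanitizer in between?"""
    if isinstance(expr, ast.Name):
        return expr.id in tainted
    if isinstance(expr, ast.Call):
        if qualified(expr.func, aliases) in SANITIZER_PATTERNS:
            return False  # sanitizer output is treated as clean
        if is_source(expr.func, aliases):
            return True   # e.g. request.args.get(...)
        receiver = isinstance(expr.func, ast.Attribute) and is_tainted(expr.func.value, tainted, aliases)
        return receiver or any(is_tainted(a, tainted, aliases) for a in expr.args)
    if isinstance(expr, ast.Attribute):
        return is_source(expr, aliases) or is_tainted(expr.value, tainted, aliases)
    if isinstance(expr, ast.Subscript):
        return is_tainted(expr.value, tainted, aliases)
    if isinstance(expr, ast.BinOp):
        return is_tainted(expr.left, tainted, aliases) or is_tainted(expr.right, tainted, aliases)
    if isinstance(expr, ast.JoinedStr):  # f-strings
        return any(is_tainted(v.value, tainted, aliases)
                   for v in expr.values if isinstance(v, ast.FormattedValue))
    return False


def find_flows(source_code):
    """Stage 2: per-function taint propagation (assumption: statement by statement, no branches)."""
    tree = ast.parse(source_code)
    aliases = import_aliases(tree)
    flows = []
    for func in (n for n in ast.walk(tree) if isinstance(n, ast.FunctionDef)):
        tainted = set()
        for stmt in func.body:
            if isinstance(stmt, ast.Assign):
                names = {t.id for t in stmt.targets if isinstance(t, ast.Name)}
                if is_tainted(stmt.value, tainted, aliases):
                    tainted |= names
                else:
                    tainted -= names  # overwritten with clean data: taint is killed
            for call in (n for n in ast.walk(stmt) if isinstance(n, ast.Call)):
                q = qualified(call.func, aliases)
                if q in SINK_PATTERNS and any(is_tainted(a, tainted, aliases) for a in call.args):
                    flows.append((func.name, q, call.lineno))
    return flows


# Constructed sample inputs: the same handler before and after hardening.
VULNERABLE = """\
import os
from flask import request

def ping():
    host = request.args.get("host")
    cmd = "ping -c 1 " + host
    os.system(cmd)
"""
HARDENED = """\
import os
import shlex
from flask import request

def ping():
    host = shlex.quote(request.args.get("host"))
    os.system("ping -c 1 " + host)
"""

if __name__ == "__main__":
    print("patterns:", collect_patterns(VULNERABLE))
    print("vulnerable flows:", find_flows(VULNERABLE))   # one os.system flow on line 7
    print("hardened flows:", find_flows(HARDENED))       # none: shlex.quote breaks the flow
```

The point the example makes about the paper's design is the division of labour: the AST pass is cheap and exhaustive (it lists every imported attribute that is actually called), so the classifier only ever has to judge concrete `module.attr` names rather than guess at library semantics from scratch, and the taint engine stays a small, deterministic component that reports candidate flows for a second pass to triage.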


