AIAny
AI Agent2025
Icon for item

DeepAudit

Audits source code for security flaws using LLM agents, then auto-generates and runs proof-of-concept exploits in Docker sandboxes to confirm which findings are real. Retrieves CWE/CVE knowledge via RAG; runs on hosted or local Ollama models.

Introduction

Most security scanners are judged by what they find; the harder problem is proving a finding is actually exploitable rather than noise. DeepAudit's bet is that an LLM can do both halves — reason about code like a reviewer, then write and detonate a proof-of-concept to settle the question. Its closed-source predecessor reportedly surfaced 49 CVEs and 6 GHSA advisories across 17 projects, which says less about the model and more about closing the loop between detection and verification.

What Sets It Apart
  • It verifies, not just flags. Each candidate vulnerability is handed to a sandbox where the system auto-generates and runs a PoC inside Docker; what survives is exploitable, not theoretical. That directly attacks the false-positive fatigue that kills most SAST adoption.
  • Roles, not one mega-prompt. Separate Orchestrator, Recon, Analysis, and Verification agents divide the work, so reasoning about a large codebase is staged instead of crammed into a single context window.
  • RAG over CWE/CVE, not just pattern rules. Retrieval grounds the analysis in known weakness classes, helping it explain why something is a vulnerability rather than matching a regex.
  • Model-agnostic and self-hostable. OpenAI, Claude, Gemini, DeepSeek, and Qwen all plug in, and Ollama lets you keep proprietary source code on-prem.
Who It's For

Great fit if you maintain open-source or internal codebases and want a triage layer that filters noise by actually attempting exploitation, or if you need on-prem auditing where source code can't leave the building. Look elsewhere if you want a mature, battle-tested commercial scanner with support SLAs — this is a young open-source release whose results depend heavily on the LLM you wire in, and sandboxed PoC execution adds Docker, Postgres, and Redis to your operational footprint.

Information

  • Websitegithub.com
  • Authorslintsinghua
  • Published date2025/09/19

Categories

More Items

Turns fragile, implicit search progress into explicit, persistent, shared state for multi-agent information seeking — externalizes progress as Frontier Task, Evidence Graph, Coverage Map and Failure Memory, and uses pipeline-parallel scheduling plus a middleware harness to avoid repeated failed searches and improve utilization and throughput.

GitHub
AI Agent2026

Provides a lightweight Python harness that turns LLMs into working agents with tool-use, skills, persistent memory, permission controls and multi-agent coordination. Ships with a CLI/React TUI, 43+ built-in tools, a plugin/skill system and the ohmo personal-agent for chat gateways. Best for developers prototyping agent workflows and multi-agent experiments.

GitHub
AI Client2025

Turns Chromium into a local-first AI browser with an embedded assistant that can summarise pages, extract structured data, automate web tasks, and run scheduled agents. Built as an open-source Chromium fork with 53+ built-in browser tools, 40+ app integrations, and support for BYO AI keys or fully local models (Ollama / LM Studio).