Small and Medium-sized Enterprises (SMEs) are often easy targets for attackers due to their limited budgets and lack of specialized security personnel. To bridge this capability gap, we are developing an AI Security Consultant as a cost-effective alternative to expensive human security consultants.

Fuzzing is a proven technique for uncovering vulnerabilities, but libraries remain hard to fuzz due to the need for specialized drivers. Manual drivers are costly and stall at coverage plateaus, while automated solutions often waste effort on invalid code paths. libErator builds API chains from static analysis, probes them, and crucially learns from rejection by avoiding invalid sequences in future attempts. This feedback-driven approach rapidly converges on valid, diverse drivers, balancing generation and testing. Across 15 C libraries, libErator uncovered 24 confirmed bugs.

As Large Language Models (LLMs) become embedded in products and services, their reliance on vast, often opaque training data raises pressing risks around safety, intellectual property, and trust. A central question for privacy, compliance, and safe deployment is: when an LLM is reproducing memorized sequences versus generalizing?

Cybersecurity workflows often require processing long documents such as incident reports, threat intelligence, and compliance texts, where retaining full context is essential. Most NLP models are either resource-intensive (LLMs) or limited by 512-token caps (typical Hugging Face transformers), impairing document-level understanding. We present a lightweight, prompt-free approach using SetFit extended with Longformer architecture to process up to 4096 tokens. Originally developed for automated essay scoring, the method transfers effectively to security applications while requiring far less GPU power, making it suitable for low-data or privacy-sensitive environments. Released on Hugging Face with 6,000+ downloads in the first month, our model demonstrates how small, specialized models offer scalable, cost-effective solutions for cybersecurity tasks including incident classification, compliance audits, and log analysis.

Large language models (LLMs) are increasingly used for code generation but still often introduce subtle vulnerabilities. This poses serious risks in security-critical contexts, where system failures can be catastrophic. We present TypePilot, an agentic AI framework that leverages the Scala type system to guide and verify LLM-generated code. By embedding type-driven constraints into the generation process, TypePilot mitigates issues such as input validation flaws and injection vulnerabilities. Our results show that structured, type-focused pipelines enhance the trustworthiness of automated code generation in high-assurance domains.