llm-kb
← Back to releases
Tool Release

LVRP: Open-source local vulnerability research pipeline uses 14B code LLM for exhaustive source-to-sink analysis

A new open-source tool called LVRP (Local Vulnerability Research Pipeline) uses a 14B code-specialized LLM to exhaustively analyze source code for vulnerabilities. It combines code graph and LLM hybrid architecture to enumerate and validate all source-to-sink paths, scaling from small scripts to large codebases like the Linux Kernel and VSCode.

45 engagement·1 source·Thu, Jul 9, 2026, 09:18 AM
The Local Vulnerability Research Pipeline (LVRP) is a fully local, open-source tool that performs exhaustive whitebox vulnerability research. It uses a 14B code-specialized LLM to review every source file. The hybrid architecture combines a code graph with LLM-driven analysis to enumerate and validate all source-to-sink paths. It scales from small scripts to enterprise codebases, including the Linux Kernel, VSCode, Microsoft Agent Framework, and GitHub Desktop. The pipeline parses source code and finds every valid vulnerability through exhaustive enumeration.

Entities

LVRP(tool)14B code-specialized LLM(model)GitHub(company)theteatoast(person)

Related

ProductSun, Jul 12, 2026, 03:22 PM

CodeInspectus: open-source security scanner for AI-generated code

CodeInspectus is a fully open-source, local security scanner that checks AI-generated code for vulnerabilities. It covers 32 checks (13 AI-specific + 19 SAST) and 200+ secret/API-key patterns, catching issues like hardcoded secrets in client-side code, exposed API keys, and insecure RLS policies. It helps developers secure projects built with LLM-generated code.

1 engagement·1 source·reddit
ProductSun, Jul 12, 2026, 10:22 AM

Structurally enforced Clean Architecture for LLM-driven development

A framework that makes Clean Architecture's dependency rule structurally unbreakable, similar to OS kernel isolation. It ensures that code layers cannot violate inward-only dependencies at compile time, which is particularly useful for LLM-generated code where conventional review may be unreliable. Targets developers using LLMs to generate or modify codebases.

3 engagement·1 source·reddit
Tool ReleasefeaturedSun, Jul 5, 2026, 03:20 PM

RightNow AI releases 'Auto' compiler that records LLM agent behavior into verified WASM binaries

RightNow AI introduced Auto, a compiler that records LLM agent behavior, identifies repeatable patterns, and compiles them into verified, sandboxed WebAssembly binaries that run for microdollars. The system includes a tiered runtime that falls back to frontier models for novelty and recompiles results, aiming to eliminate re-solving the same tasks. A paper detailing the approach is available on arXiv.

74 engagement·1 source·github
CommunitySat, Jul 11, 2026, 11:44 PM

Software engineer publishes final part of LLM-from-scratch series covering inference and decoding

A software engineer published the fourth and final part of a blog series explaining LLMs from the ground up, focusing on token-by-token generation, KV cache, and decoding strategies (temperature, top-k, top-p). The series aims to help other software engineers understand the internals of LLMs.

3 engagement·1 source·reddit
ProductSat, Jul 11, 2026, 06:40 AM

Enola: engineering intelligence layer for AI coding agents

Enola is an open-source engineering intelligence layer that helps AI coding agents understand existing codebases. It answers questions about change impact, dependency reachability, safe module deletion, refactoring priorities, and architecture drift. The tool uses LLMs to analyze code context and provide insights that reduce mistakes from both humans and AI agents.

4 engagement·1 source·reddit