Cybersecurity plays a pivotal role in safeguarding the integrity and reliability of critical systems—spanning healthcare, commerce, transportation, and power infrastructure. Yet software security teams are often critically underfunded and understaffed, given the breadth and complexity of our software infrastructure. Recently, large language models (LLMs) have proven to be a transformative technology that is reshaping how we interact with software. In this article, we explore how LLMs can be leveraged to holistically address longstanding challenges in cybersecurity. We start with a discussion of the structure of a cyber reasoning system (CRS) that can both detect and repair vulnerabilities in software autonomously. We follow up by examining LLMs’ strengths in aiding program analysis within such a system, finding that LLM-assisted analyses can accomplish several difficult analysis tasks, such as extrapolating developer intent, filtering or augmenting the output of traditional analysis tools, or even solving complex multilingual constraints. Lastly, we discuss the current challenges and limitations in constructing a composite system that can leverage these components. We hope this article can provide insights into the evolving role of LLMs and inspiration in shaping the future of software security.
Wolff et al. studied this question.