New Technologies and Cybersecurity: AI Trained to Quickly Find Vulnerabilities in Program Code

The new methodology copes with the task more efficiently than specialized static code analyzers

Russian and Kazakh researchers have created an innovative methodology for finding vulnerabilities in code using artificial intelligence. It works faster and more efficiently than traditional static code analyzers, according to Sberbank's press service.

This work makes a significant contribution to the development of technologies at the intersection of artificial intelligence and cybersecurity, offering an effective tool for finding vulnerabilities in digital infrastructure. In the era of digital transformation, such technologies are becoming strategically important for protecting customer data and business processes.
Gleb Gusev, Director of the Center for Practical Artificial Intelligence at Sberbank

Software developers use static analyzers to check security. These are algorithms that analyze each line of code, sequences of lines, and the project as a whole. These tools check the code for compliance with the norms and practices of programming languages. However, creating such systems requires a lot of time and resources, so scientists are looking for more efficient methods.

Researchers from the Center for Practical Artificial Intelligence at Sberbank, together with colleagues from Russia and Kazakhstan, have created a method that allows large language models for writing code to be used for this purpose. In the course of the study, they used the WizardCoder neural network, pre-trained on an extensive data set. The model was then fine-tuned to find only errors in the code.

Experts note that when creating this system, they significantly improved the quality of training data. They selected only those examples where there are definitely vulnerabilities in the code. The developers were also able to find the optimal number of examples for each stage of training. This made it possible to speed up the fine-tuning process by about 13 times. As a result, scientists have created an AI system that significantly outperforms other large language models in its ability to find and mark potential vulnerabilities.

To test the new system, the experts created a set of Java code snippets in which vulnerabilities are marked more accurately than in other open sources. Tests showed that the system identifies vulnerabilities better than existing AI approaches. In simple cases, it surpassed them by 4-5%, and in complex cases by 22%. This confirms the effectiveness of large language models for code analysis.

Earlier at the GigaConf 2025 conference, SberTech presented GigaStudio, an innovative tool for creating web applications using generative AI. The solution works in dialogue mode: the user describes their idea in a text request, and the system automatically generates a working prototype.


Sources
TASS
