For at least a few years (since before COVID), in my circle everbody wants an AI tool that finds vulnerabilities in binaries. I have my reservations about such a tool because of my perception that AI is overhyped, so I decided to build one myself to see how useful it could be (or not).

I was actually kinda surprised how well it worked for my collection of binaries with known CVEs. It definitely has false positives and negatives, as any static analysis tool would, but I think its actually somewhat usable. I dont think the results are super actionable, but interesting nonetheless. I still think the AI hype can be out there sometimes, but this project taught me a lot about the subject and forced me to think in ways that I wouldn't normally when doing RE/VR/program analysis.

Right now, this is just a side project. It only looks for buffer overflows for now (still a common bug, believe it or not). I dont know if I'll expand this to more vulnerability types, work on trying to reduce the false positives, or if I'll even keep this going long term. Hoping to get some opinions on where to go next and find the bugs.