Susheng Wu

LLMs can find more real-world code vulnerabilities if you give them a better program representation that combines static analysis with semantic inference, and guide their reasoning with vulnerability-specific meta-prompts.

Multi-component attacks on MCP servers, which connect LLMs to external tools, are far more effective than single-component attacks, highlighting a critical vulnerability in LLM tool integration.