Real Time Code Vulnerability Detection Using Large Language Models

Author: Ruthrapriya R, Department of Software Systems, Sri Krishna College of Arts and Science, Coimbatore, Tamil Nadu, India

Abstract

The rapid growth of software systems has amplified the risk of security vulnerabilities that can be exploited by malicious actors. Traditional static analysis tools, while functional, suffer from high false-positive rates, lack of contextual understanding, and inability to detect semantically complex vulnerabilities. This paper presents VulnScan-LLM, an integrated development environment (IDE) plugin that leverages a fine-tuned CodeBERT large language model (LLM) to perform real-time vulnerability detection as developers write code. The system is trained on 87,000 labeled samples from the Juliet Test Suite and 14,500 real-world Common Vulnerabilities and Exposures (CVE) patches, enabling detection of all OWASP Top 10 vulnerability categories including SQL Injection, Cross-Site Scripting (XSS), insecure deserialization, and broken authentication. Experimental evaluation on a held-out test set of 9,400 samples achieves 91.7% precision and 88.4% recall at a median inference latency of 87 ms on CPU hardware. A controlled developer study (n=24) demonstrates a 63% reduction in mean time-to-fix (MTTF) security defects compared to the SonarQube baseline. The system provides natural language remediation suggestions via a GPT-4-mini completion layer, making security guidance actionable and developer-friendly.

Keywords: Vulnerability Detection, Large Language Models, CodeBERT, Static Analysis, DevSecOps, OWASP, Software Security, IDE Plugin, Real-Time Analysis

Published On: 2026-04-16



