Definition
Plain language
A specialized static analyzer for finding race-condition bugs in Windows COM services.
As stated in the literature
A static analysis tool targeting concurrency vulnerabilities in Windows COM binaries; used (in a reimplemented form called COMRace++) as the prior state-of-the-art baseline against the slyp agentic vulnerability-discovery system.
Also called: COMRace++
Why it matters: It provides a serious non-AI baseline for evaluating whether agentic vulnerability discovery is actually beating well-tuned classical analyzers.
For example, COMRace++ is run against a set of Windows COM services and compared to the slyp agent on how many real race-condition vulnerabilities each one finds.
Heard on the show
“Static analyzers like COMRace, the previous state-of-the-art for this exact bug class, look for suspicious patterns in code structure.”Episode 024 — An AI Agent That Found 28 Zero-Days in Windows — And What Made It Work