Glossary · Term

SAILOR

← all terms

Definition

Plain language

A system that combines static analysis, AI, and symbolic execution to find security bugs and write working proofs that exploit them.

As stated in the literature

A vulnerability discovery framework that pairs CodeQL-style static analysis with LLM-driven harness synthesis and symbolic execution, validating crashes against AddressSanitizer on unmodified binaries.

Why it matters: Pairing static analysis with LLM-driven harness synthesis closes the loop from "this looks suspicious" to "here's a proof it's exploitable," sharply reducing security-team triage time.

For example, SAILOR might use static analysis to flag a suspicious string-copy function, have an LLM synthesize a test harness around it, and produce a crashing input that AddressSanitizer confirms is a real overflow.

Heard on the show

“And the system has a name — they call it SAILOR.”
Episode 014 — Why a Constrained Pipeline Beat a Full Coding Agent at Finding Bugs 30-to-1

Mentioned in 1 episode

  1. 014
    Why a Constrained Pipeline Beat a Full Coding Agent at Finding Bugs 30-to-1

Related terms