Black Hat USA 2025 | How Tree-of-AST Redefines the Boundaries of Dataflow Analysis
Author: Black Hat
Uploaded: 2026-03-09
Views: 394
Description:
In recent years, vulnerability discovery has largely relied on static analysis tools with predefined pattern matching and taint analysis. These traditional methods are not as efficient for complex codebases that span multiple files and utilize atypical input processing techniques. While successful for common vulnerability patterns, they frequently miss sophisticated attack vectors that operate across multiple functions, and sometimes multiple files.
In this talk, we will be covering Tree-of-AST, a new framework that combines large language models with abstract syntax tree analysis to address the limitations above. This approach leverages a unique Locate-Trace-Vote (LTV) methodology that enables autonomous tracking of data flows within large-scale projects, even in the absence of predefined source patterns. We will be sharing conclusive benchmark analysis showing that the Tree-of-AST method outperforms established tools by discovering previously undetected vulnerabilities. The study was done on widely-used open-source projects.
Further, we demonstrate that our system autonomously generates working exploits with a success rate above the industry average for similar tools. We will wrap up the talk by examining practical defensive strategies developers can implement to protect their codebases from similar emerging techniques, and discuss how automatic exploitation capabilities reshape the modern digital security landscape.
By:
Sasha Zyuzin | Student, Bachelor's Degree, University of Maryland
Ruikai Peng | Founder, Pwno
Presentation Materials Available at:
https://blackhat.com/us-25/briefings/...