deterministic security testing
Static analysis that doesn't just find vulnerabilities — it proves them exploitable.
DST generates deterministic proof certificates: the exact payload, delivery method, and verification oracle for each finding. No AI in the detection loop. Same code, same report, every time.
783+
CWE properties checked per file
10
Languages supported
92.7%
OWASP Benchmark (SQLi)
Latest Research
LLM Output as a Taint Source for Deterministic Security Testing
LLM output is strictly more dangerous than HTTP input due to trust laundering, structural sophistication, transitive taint, and nondeterminism. We propose a mapper-level phoneme extension for DST that classifies 50+ LLM SDK API response patterns as tainted INGRESS, enabling detection of the full OWASP LLM05 category with zero changes to existing CWE verifiers.
14 AI/LLM Vulnerability Classes Not Cataloged by OWASP or MITRE
After deduplicating 53 unique vulnerability patterns across OWASP LLM/Agentic/ML Top 10 and MITRE ATLAS, we identify 14 classes that fall through the cracks of existing frameworks. Includes GPU hardware attacks (GPUBreach), reasoning chain hijacking (99% success), computational graph backdoors (ShadowLogic), and more.