GitHub Security Lab has released an open source AI framework that discovered over 80 serious vulnerabilities in popular open source projects, including authentication bypasses and authorization flaws, by combining threat modeling with rigorous code auditing.
GitHub Security Lab has unveiled a powerful new open source framework that leverages AI to systematically hunt for high-impact security vulnerabilities in codebases. The framework, built on GitHub's seclab-taskflow-agent, has already uncovered more than 80 serious flaws across popular open source projects, with approximately 20 publicly disclosed so far.
The framework combines sophisticated threat modeling with rigorous code auditing to achieve remarkably high accuracy rates. Unlike traditional static analysis tools that often produce noisy results, this AI-powered approach focuses on understanding the intended functionality and security boundaries of each component before hunting for vulnerabilities.
How the AI Vulnerability Scanner Works
The framework operates through a series of interconnected taskflows defined in YAML files. These taskflows break down the auditing process into manageable steps, each building upon the previous one's findings.
Threat Modeling First
Rather than diving straight into code analysis, the framework begins by understanding the application's architecture and intended use. It identifies different components within a repository, maps out entry points where untrusted input might enter, and determines what actions normal users should be able to perform.
This threat modeling phase is crucial because it helps the AI understand the security context. For example, a command injection vulnerability in a CLI tool designed to execute arbitrary scripts might not be a security issue at all—it's simply working as intended.
Two-Stage Vulnerability Discovery
The framework uses a two-step approach to balance exploration with accuracy:
Issue Suggestion Stage: The AI suggests potential vulnerability types for each component based on its understanding of the codebase's functionality and attack surface
Issue Audit Stage: Each suggested issue undergoes rigorous manual verification where the AI must provide concrete evidence from the source code, including specific file paths and line numbers
The separation is key—it prevents the AI from hallucinating issues while still allowing it to explore broadly in the initial suggestion phase.
Real-World Impact: Three High-Profile Vulnerabilities
Privilege Escalation in Outline (CVE-2025-64487)
The framework's first major success came when auditing Outline, a collaborative web application. It discovered a critical authorization flaw where document group membership modification endpoints used weaker permissions than required.
Specifically, the "update" permission was sufficient to modify group memberships that should have required "manageUsers" permission. This allowed non-admin collaborators to grant themselves and others administrative privileges, enabling actions like document deletion and user management that were never intended for their role.
The vulnerability was verified through detailed analysis showing exactly how the bypass worked, including the specific code paths and authorization checks that failed.
Shopping Cart Data Exposure (Multiple CVEs)
When analyzing ecommerce platforms, the framework uncovered systematic authorization logic flaws in shopping cart functionality. In WooCommerce, it found that signed-in users could view all guest orders, including personally identifiable information like names, addresses, and phone numbers.
A similar issue in the Spree commerce platform allowed unauthenticated users to enumerate guest order addresses by simply incrementing sequential identifiers. These vulnerabilities had existed for years undetected, highlighting how traditional security tools often miss such logic flaws.
Rocket.Chat Authentication Bypass (CVE-2026-28514)
Perhaps the most shocking discovery involved Rocket.Chat's microservices architecture. The framework found that users could authenticate as any account using any password due to a subtle JavaScript Promise handling bug.
The vulnerability stemmed from not awaiting a Promise returned by bcrypt.compare, causing the authentication check to always pass when a password hash existed. This allowed complete account takeover through Rocket.Chat's DDP streaming service.
Impressive Accuracy Rates
After analyzing over 40 repositories and suggesting 1,003 potential issues, the framework marked 139 as having actual vulnerabilities. Manual verification revealed that 19 (21%) were serious enough to report, with the majority rated high or critical severity.
The false positive rate was remarkably low—only 22% of verified vulnerabilities were rejected as non-exploitable. This compares favorably to traditional security tools that often have false positive rates exceeding 50%.
Why It Works So Well
The framework excels at finding logical vulnerabilities that traditional tools miss. It's particularly adept at identifying:
- Authorization bypasses (IDOR issues): The most common finding, accounting for 15.8% of all suggestions
- Business logic flaws: Accounting for 25% of verified vulnerabilities
- Authentication issues: Including the Rocket.Chat bypass
Its strength lies in understanding code flow and access control models rather than just pattern matching. The AI can follow complex authorization logic across multiple files and understand when inconsistencies actually matter for security.
Getting Started with the Framework
The framework is available on GitHub and requires a GitHub Copilot license to run. Here's how to try it on your own projects:
- Clone the seclab-taskflows repository
- Start a codespace and wait for initialization
- Run
./scripts/audit/run_audit.sh myorg/myrepo - Wait 1-2 hours for medium-sized repositories
- Review results in the SQLite viewer, focusing on rows with checkmarks in the "has_vulnerability" column
Important considerations:
- Multiple runs may yield different results due to the non-deterministic nature of LLMs
- Different models (GPT 5.2 vs Claude Opus 4.6) can produce varying findings
- Private repositories require additional configuration for codespace access
The Future of AI-Powered Security
GitHub Security Lab sees this as just the beginning. The framework's modular design allows developers to create custom taskflows for specific vulnerability types or security workflows beyond just finding bugs.
Potential applications include:
- Triaging static analysis results more effectively
- Automating security code reviews
- Building development environments with security guardrails
- Creating specialized scanners for niche vulnerability classes
By open-sourcing the framework, GitHub aims to accelerate the security community's collective ability to eliminate vulnerabilities. The more teams that use and contribute to it, the faster we can collectively improve software security.
As Peter Stöckli from GitHub Security Lab notes, "The security community moves faster when it shares knowledge." This framework represents a significant step toward that goal, combining the pattern recognition capabilities of AI with the rigorous verification processes that security professionals demand.
For developers and security teams looking to enhance their vulnerability detection capabilities, this framework offers a compelling blend of automation and accuracy that could significantly reduce the time spent on manual security reviews while catching issues that might otherwise slip through the cracks.
Comments
Please log in or register to join the discussion