Open Access

ARTICLE

Integration of Large Language Models (LLMs) and Static Analysis for Improving the Efficacy of Security Vulnerability Detection in Source Code

José Armando Santas Ciavatta, Juan Ramón Bermejo Higuera*, Javier Bermejo Higuera, Juan Antonio Sicilia Montalvo, Tomás Sureda Riera, Jesús Pérez Melero

School of Engineering and Technology, International University of La Rioja, Avda.de La Paz, 137, Logroño, 26006, La Rioja, Spain

* Corresponding Author: Juan Ramón Bermejo Higuera.

Computers, Materials & Continua 2026, 86(3), 11 https://doi.org/10.32604/cmc.2025.074566

Abstract

Artificial Intelligence (AI) continues to expand exponentially, particularly with the emergence of generative pre-trained transformers (GPT) based on the transformer architecture, which have revolutionized data processing and enabled significant improvements in many applications. This paper investigates the detection of security vulnerabilities in source code using a range of large language models (LLMs). Our primary objective is to evaluate their effectiveness relative to Static Application Security Testing (SAST) by applying techniques such as prompt personas, structured outputs and zero-shot prompting. The selected LLMs (CodeLlama 7B, DeepSeek Coder 7B, Gemini 1.5 Flash, Gemini 2.0 Flash, Mistral 7B Instruct, Phi 3 8B Mini 128K Instruct, Qwen 2.5 Coder, StarCoder 2 7B) are compared with, and combined with, the Find Security Bugs SAST tool. The evaluation method uses a selected dataset containing known vulnerabilities, and the results are interpreted for different scenarios according to software criticality (business critical, non-critical, minimum effort, best effort). In detail, the main objectives of this study are to determine whether large language models match or exceed the capabilities of traditional static analysis tools, whether combining LLMs with SAST tools leads to an improvement, and whether local models running on an ordinary computer can produce reliable results. Summarizing the most important conclusions of the research: although results improve with the size of the LLM, for business-critical software the best results were obtained by SAST analysis alone. This differs in the "Non-Critical", "Best Effort" and "Minimum Effort" scenarios, where the combination of LLM (Gemini) + SAST obtained better results.

Keywords

AI + SAST; secure code; LLM; benchmarking LLM; vulnerability detection

Cite This Article

APA Style
Santas Ciavatta, J.A., Bermejo Higuera, J.R., Bermejo Higuera, J., Montalvo, J.A.S., Riera, T.S. et al. (2026). Integration of Large Language Models (LLMs) and Static Analysis for Improving the Efficacy of Security Vulnerability Detection in Source Code. Computers, Materials & Continua, 86(3), 11. https://doi.org/10.32604/cmc.2025.074566
Vancouver Style
Santas Ciavatta JA, Bermejo Higuera JR, Bermejo Higuera J, Montalvo JAS, Riera TS, Pérez Melero J. Integration of Large Language Models (LLMs) and Static Analysis for Improving the Efficacy of Security Vulnerability Detection in Source Code. Comput Mater Contin. 2026;86(3):11. https://doi.org/10.32604/cmc.2025.074566
IEEE Style
J. A. Santas Ciavatta, J. R. Bermejo Higuera, J. Bermejo Higuera, J. A. S. Montalvo, T. S. Riera, and J. Pérez Melero, “Integration of Large Language Models (LLMs) and Static Analysis for Improving the Efficacy of Security Vulnerability Detection in Source Code,” Comput. Mater. Contin., vol. 86, no. 3, pp. 11, 2026. https://doi.org/10.32604/cmc.2025.074566

Copyright © 2026 The Author(s). Published by Tech Science Press.
This work is licensed under a Creative Commons Attribution 4.0 International License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.