SecureFixAgent

A Hybrid LLM Agent for Automated Python Static Vulnerability Repair

Overview

SecureFixAgent is a hybrid agent system that augments static analysis tools (like Bandit) with Large Language Models to detect and repair vulnerabilities in Python source code. The pipeline benchmarks multiple open-source LLMs, parses their outputs for actionable fixes, and automatically injects safe patches into the original files. By combining deterministic static analysis with adaptive LLM reasoning, the agent enhances both accuracy and automation in software vulnerability remediation.

Pipeline

1. Runs Bandit for static vulnerability detection
2. Passes Bandit reports and vulnerable code segments into an LLM
3. Generates secure patches with explanations
4. Injects fixes back into source files
5. Re-runs Bandit to verify successful remediation
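The pipeline above, as an added illustration that is not SecureFixAgent's own code: a small Python helper that reduces a Bandit JSON report to the fields a repair prompt needs, cuts out the flagged code segment with context, and judges remediation by diffing the pre- and post-patch reports. The field names follow Bandit's JSON formatter; the report contents, the file name `app.py` and the source are constructed for the example.

```python
import json
from collections import Counter

# Constructed Bandit-style JSON report: one eval() finding (Bandit test B307).
BEFORE_REPORT = json.dumps({"results": [{
    "filename": "app.py", "line_number": 2, "test_id": "B307",
    "test_name": "blacklist", "issue_severity": "MEDIUM",
    "issue_confidence": "HIGH",
    "issue_text": "Use of possibly insecure function - consider using safer ast.literal_eval."}],
    "errors": []})
# Constructed report from the verification re-run after patching: nothing left.
AFTER_REPORT = json.dumps({"results": [], "errors": []})
# Constructed source file that the report above refers to.
SOURCE = "def parse(expr):\n    value = eval(expr)\n    return value\n"

def parse_findings(report_json):
    """Reduce a Bandit JSON report to the fields a repair prompt needs."""
    return [{"filename": r["filename"], "line": r["line_number"],
             "test_id": r["test_id"], "severity": r["issue_severity"],
             "text": r["issue_text"]}
            for r in json.loads(report_json)["results"]]

def code_segment(source, line, context=2):
    """Return the flagged line plus `context` lines either side, numbered."""
    lines = source.splitlines()
    lo, hi = max(0, line - 1 - context), min(len(lines), line + context)
    return "\n".join(f"{i + 1}: {lines[i]}" for i in range(lo, hi))

def build_prompt(finding, source):
    """Assemble the LLM prompt: the Bandit finding plus the vulnerable segment."""
    return (f"Bandit {finding['test_id']} ({finding['severity']}) at "
            f"{finding['filename']}:{finding['line']}: {finding['text']}\n"
            f"Code:\n{code_segment(source, finding['line'])}\n"
            "Return a patched version of only these lines and explain the fix.")

def remediation_status(before_json, after_json):
    """Diff findings before/after patching, keyed by (file, test_id) so that
    line shifts introduced by the patch do not hide an issue that remains."""
    key = lambda f: (f["filename"], f["test_id"])
    before = Counter(key(f) for f in parse_findings(before_json))
    after = Counter(key(f) for f in parse_findings(after_json))
    return {"fixed": sorted((before - after).elements()),
            "remaining": sorted(after.elements())}

if __name__ == "__main__":
    for finding in parse_findings(BEFORE_REPORT):
        print(build_prompt(finding, SOURCE))
    print(remediation_status(BEFORE_REPORT, AFTER_REPORT))
```

A real run would replace the constructed strings with the output of `bandit -f json` before and after the patch is injected; the comparison is count-based, so a patch that merely moves a finding to another line is not counted as fixed.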

Experiment Results

• Dataset: 2350+ Python vulnerability code samples analyzed
• Zero-shot pre-trained LLM patching fix accuracy: 74.32%
• SecureFixAgent end-to-end fix accuracy: 87.83%
• Reduced false positives vs Bandit alone by ~11%
• SecureFixAgent Likert scale user satisfaction: 4.5/5

Tech Stack

Python, Bandit, HuggingFace Transformers, LLMs, PyTorch, Agent Orchestration, Static Code Analysis
