[shw1n]

I’d built an AI agent to accomplish this using Ghidra + GDB for dynamic analysis (tested it on crackmes)

It worked surprisingly well

Applied to YC with it, sadly no interview

Was later told by some accepted friends/VCs that our application was good, but without pedigree we needed traction to de-risk / get accepted :(

[nicce]

I think AI is currently much poorer for this use case, if you want to generalize it. There is less assembly code training data available where existing bad coding patterns are matched to actual bug descriptions. Assembly is more verbose so they also take more context width from LLMs. False positive are the biggest pain in this area. With LLMs it is also surprisingly difficult to test the existence of vulnerability in general - often you give a hint about the possible issue with the prompt itself. If you do it in large scale, false positives are everywhere.

[geenat]

If you think its good why wait on YC...just build it.

[shw1n]

Pre-seed funding w/o a lengthy pitch process

Much harder to bootstrap part-time w/ dependents