LLM-Driven Reasoning for Automated Vulnerability Discovery Behind Hall-of-Fame

Black Hat USA 2025 · Day 1 · Briefings

Cheng Dai and undergraduate collaborator Yifei built MinWhisper, an LLM-based pipeline that autonomously finds vulnerabilities in Samsung phones by decompiling stripped ARM64 binaries, reconstructing data structures, and running taint-style analysis with reasoning models. The tool contributed to the researchers earning recognition in Samsung's Mobile Security Hall of Fame in 2024 and has since found multiple new confirmed vulnerabilities in the SecVideoEngineService, including CVE-2024-34587 and SVE-2024-1490.

AI review

The MinWhisper pipeline produces real CVEs against Samsung firmware, the data structure reconstruction methodology is the key technical innovation, and the 80% confidence threshold as a practical true-positive filter is an honest engineering result. An undergraduate contributed to this. That's worth noting.
