FENRIR: AI Hunting for AI Zero-Days at Scale
Peter Girnus, Derek Chen
[un]prompted 2026 — AI Security Practitioner Conference · Day 1 · 1
TrendAI's Zero Day Initiative team built FENRIR, an AI-powered vulnerability discovery engine that combines traditional static analysis with a cascade of LLM triage stages to find zero-day bugs at scale. In production, FENRIR has delivered a 2.5x increase in vulnerabilities discovered, 80% fewer false positives, 70% faster disclosure, and a 3x productivity increase — while submitting over 60 high or critical CVEs and with more than 100 in pre-disclosure. ---
AI review
FENRIR is in production, has been running for over a year, and has submitted 60+ high/critical CVEs with 100+ in pre-disclosure and 3,000 pending. The cascade architecture — YARA-X to Semgrep to CodeQL to L1 Sonnet to L2 Opus — is smart engineering, and the forced-reflection mechanism for preventing shallow reasoning is an insight every agentic security team should steal immediately.