Enhancing Static Code Analysis with AI: Introducing Vulnhalla for Prioritized Vulnerability Detection

Disclaimer: The following insights are based on research conducted by CyberArk Labs, a team dedicated to cybersecurity innovation.


Navigating the Challenges of Static Analysis in Modern Cybersecurity

Static analysis tools, such as CodeQL, have become indispensable in the security analyst’s toolkit. They excel at scouring codebases for potential vulnerabilities, flagging “maybe” issues that warrant further investigation. However, these tools often produce an overwhelming number of alerts—many of which turn out to be false positives—creating a significant burden for security teams. The challenge lies in efficiently distinguishing genuine threats from benign code patterns amidst a deluge of noise.

Introducing Vulnhalla: An AI-Powered Solution to Reduce False Positives

To tackle this problem, CyberArk Labs developed Vulnhalla, an open-source tool designed to refine and prioritize static analysis alerts. Vulnhalla leverages cutting-edge language models, specifically GPT-4o, to analyze the context of CodeQL alerts, helping determine their legitimacy with high accuracy.

By integrating GPT-4o’s reasoning capabilities, Vulnhalla effectively filters out approximately 96% of false positives, significantly reducing the manual triage workload. This allows security analysts to focus their attention on truly critical vulnerabilities.
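One way to prepare CodeQL alerts for the kind of context-aware review described above, as an added example that is not Vulnhalla's own code: it reads the SARIF that CodeQL emits, pulls the surrounding source lines for each alert, and builds the review prompt a model would receive. The rule ids, file path and source lines are constructed for the illustration.

```python
import json
from dataclasses import dataclass

# Constructed SARIF excerpt in the shape CodeQL emits; rule ids, paths and
# messages are made up for this illustration, not taken from a real scan.
def _result(rule, text, uri, line):
    return {"ruleId": rule, "message": {"text": text}, "locations": [{
        "physicalLocation": {"artifactLocation": {"uri": uri},
                             "region": {"startLine": line}}}]}

SARIF_TEXT = json.dumps({"runs": [{"results": [
    _result("cpp/example-unbounded-copy", "Copy without bounds check.", "src/parse.c", 3),
    _result("cpp/example-unused-value", "Assigned value never read.", "src/parse.c", 5),
]}]})

# Constructed source the alerts point into, keyed by SARIF uri.
SOURCES = {"src/parse.c": [
    "void parse(const char *in, size_t n) {",
    "    char buf[64];",
    "    memcpy(buf, in, n);   /* alert 1 points here */",
    "    int v = 1;",
    "    v = 2;                /* alert 2 points here */",
    "}"]}

@dataclass
class AlertContext:
    rule_id: str
    message: str
    uri: str
    line: int
    snippet: str  # numbered source lines around the flagged line

def extract_contexts(sarif_text, sources, radius=3):
    """Turn every SARIF result into an AlertContext with surrounding code."""
    contexts = []
    for run in json.loads(sarif_text)["runs"]:
        for result in run.get("results", []):
            phys = result["locations"][0]["physicalLocation"]
            uri, line = phys["artifactLocation"]["uri"], phys["region"]["startLine"]
            src = sources.get(uri, [])
            lo, hi = max(0, line - 1 - radius), min(len(src), line + radius)
            snippet = "\n".join(f"{i + 1:4d}: {src[i]}" for i in range(lo, hi))
            contexts.append(AlertContext(result["ruleId"], result["message"]["text"],
                                         uri, line, snippet))
    return contexts

def build_prompt(ctx):
    """Prompt asking a model for a verdict plus reasoning on one alert."""
    return (f"CodeQL rule {ctx.rule_id} flagged {ctx.uri}:{ctx.line}: {ctx.message}\n"
            f"Surrounding code:\n{ctx.snippet}\n"
            "Is this a genuine vulnerability or a false positive? Explain, then end "
            "with VERDICT: TRUE_POSITIVE or VERDICT: FALSE_POSITIVE.")
```

The prompt text is what would be sent to the model; the verdict it returns is what drives the prioritization.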

Rapid Vulnerability Discovery: Real-World Results

In a recent application, the team used Vulnhalla to analyze several complex codebases, including the Linux Kernel, FFmpeg, Redis, Bullet3, and RetroArch. Over just two days, with minimal API expenditure (under $80), the team confirmed the presence of multiple vulnerabilities—identified as CVEs—in these systems.

The process not only validated concerns that might have been obscured by false positives but also demonstrated the potential for ongoing, longer-term analysis with improved models and extended runtime, promising even more discoveries ahead.

Resources for the Community

For cybersecurity professionals interested in exploring Vulnhalla, detailed technical insights and the tool itself are available:
Conclusion
