VYPR
Research · Published May 13, 2026 · Updated May 17, 2026 · 1 source

SecureLayer7 Releases Sandyaa, an Autonomous AI-Powered Vulnerability Auditor

SecureLayer7 has launched Sandyaa, an open-source autonomous security tool that uses recursive LLM analysis to audit source code and generate functional proof-of-concept exploits for confirmed vulnerabilities.

SecureLayer7 has released Sandyaa, an open-source autonomous security tool designed to audit source code and generate functional exploit code for identified vulnerabilities. Unlike traditional static analysis tools that often produce high volumes of noise, Sandyaa utilizes Large Language Models (LLMs) to perform deep analysis, tracing data movement across entire codebases to confirm the exploitability of potential security flaws (Help Net Security).

The tool operates through an eight-phase recursive analysis process, which includes call-chain tracing, data-flow expansion, and vulnerability chaining. To ensure accuracy and reduce false positives, Sandyaa incorporates a specific "attacker-control analyzer" that filters out theoretical issues that cannot be reached from untrusted input. When a vulnerability is confirmed, the tool generates a comprehensive report containing an analysis write-up, a Python-based proof-of-concept (PoC), a setup guide, and an evidence.json file that maps findings to specific file paths and line numbers (Help Net Security).
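To make the attacker-control filtering and call-chain tracing described above concrete, here is a small added example (not Sandyaa's code): candidate findings are kept only when their sink function is reachable, along the call graph, from a function that receives untrusted input, and each kept finding is mapped to a path/line record with its justifying call chain. The call graph, function names, finding rules and the record layout are all constructed assumptions, not Sandyaa's evidence.json schema.

```python
from collections import deque
from dataclasses import dataclass

@dataclass(frozen=True)
class Finding:
    rule: str   # vulnerability class, e.g. "sql-injection"
    sink: str   # function containing the dangerous call
    path: str   # source file of the sink
    line: int   # line number of the sink

# Constructed call graph (caller -> callees); not from any real project.
CALL_GRAPH = {
    "http_handler": ["parse_filter", "log_request"],
    "parse_filter": ["build_query"],
    "build_query": ["db_execute"],
    "admin_cron": ["rebuild_index"],      # only reached by a trusted scheduler
    "rebuild_index": ["db_execute"],
    "log_request": [],
}
# Functions whose arguments carry untrusted input (constructed assumption).
UNTRUSTED_ENTRY_POINTS = ["http_handler"]

def trace_chains(graph, entry_points):
    """BFS from the entry points; returns {function: call chain from an entry}."""
    chains = {fn: [fn] for fn in entry_points}
    queue = deque(entry_points)
    while queue:
        caller = queue.popleft()
        for callee in graph.get(caller, []):
            if callee not in chains:           # first chain found is the shortest
                chains[callee] = chains[caller] + [callee]
                queue.append(callee)
    return chains

def attacker_controlled(findings, graph, entry_points):
    """Keep only findings whose sink an untrusted entry point can reach."""
    chains = trace_chains(graph, entry_points)
    return [(f, chains[f.sink]) for f in findings if f.sink in chains]

def to_evidence(kept):
    """Map each kept finding to a file/line record (constructed layout)."""
    return [{"rule": f.rule, "file": f.path, "line": f.line,
             "call_chain": " -> ".join(chain)} for f, chain in kept]

# Constructed candidates: the second is a theoretical issue with no untrusted path.
CANDIDATES = [
    Finding("sql-injection", "build_query", "src/filter.py", 42),
    Finding("sql-injection", "rebuild_index", "src/cron.py", 17),
]
```

Running `to_evidence(attacker_controlled(CANDIDATES, CALL_GRAPH, UNTRUSTED_ENTRY_POINTS))` keeps only the `build_query` finding, with the chain `http_handler -> parse_filter -> build_query` recorded as evidence.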

Sandyaa is capable of identifying a wide array of security issues, ranging from memory-safety bugs like use-after-free, buffer overflows, and type confusion to complex logic errors such as authentication bypass and Time-of-Check to Time-of-Use (TOCTOU) flaws. It also detects various injection vulnerabilities, including SQL injection, command injection, and Cross-Site Scripting (XSS), as well as cryptographic misuse and concurrency races (Help Net Security).

To address concerns regarding the execution of generated exploit code, SecureLayer7 has made PoC execution an opt-in feature that is disabled by default. CTO Sandeep Kamble noted that the verification pipeline, which includes contradiction detection and self-verification, was refined until the tool's output became more efficient for researchers to review than manual code auditing. The tool has already successfully identified two vulnerabilities in the Spring AI project: a SQL injection in MariaDBFilterExpressionConverter and a JSONPath injection in PgVectorStore AbstractFilterExpressionConverter (Help Net Security).

The architecture of Sandyaa relies on "Recursive Language Models," which allow it to process repositories that exceed the context window of a single LLM query by splitting code into chunks and spawning sub-queries. The tool integrates with existing developer workflows by piggybacking on active Claude Code sessions, eliminating the need for separate API keys. While currently optimized for macOS, the project is available under an MIT license for broader use (Help Net Security).

The release of Sandyaa reflects a broader industry trend toward integrating autonomous agents into the software development lifecycle to accelerate vulnerability discovery. By automating the labor-intensive process of tracing data flows and verifying exploitability, such tools aim to shift the burden of initial triage away from human researchers, allowing them to focus on high-level remediation and architectural security.

Synthesized by Vypr AI