Master's thesis: Leveraging Large Language Models for Root Cause Analysis of Security Vulnerabilities
Background
The growing complexity and interconnectivity of modern software systems increases the likelihood of security vulnerabilities. Indeed, introducing more components, configurations, and interactions in a system can lead to unintended behaviors, misconfigurations, and bugs. Moreover, when systems rely on external services, APIs, and third-party software, they increase the attack surface and the potential for vulnerabilities to propagate. While automated tools can detect vulnerabilities (e.g., static analyzers, fuzzers, or scanners), understanding the root cause behind these vulnerabilities still requires significant human expertise. Root-cause analysis is critical because it not only explains why a vulnerability exists but also guides developers in preventing similar issues in the future.
Description
Large Language Models (LLMs) have recently demonstrated strong capabilities in tasks such as code analysis, summarization, and reasoning. These strengths suggest that LLMs could be applied to the problem of vulnerability root-cause analysis, where the goal is to go beyond simply flagging a vulnerability and instead explain the underlying error patterns or flawed assumptions that caused it. However, several challenges remain: (i) security vulnerability data is diverse and often domain-specific, (ii) LLMs may generate plausible but incorrect explanations (hallucinations), and (iii) it is unclear how best to combine LLM reasoning with existing vulnerability detection tools.
Key Responsibilities
In this thesis, the student(s) will review existing approaches to applying LLMs in software security and program analysis. The student(s) will then design and prototype a system that uses LLMs to perform root-cause analysis of vulnerabilities. The focus will be on developing methods to:
- ingest and preprocess vulnerability reports, system source code, and system documentation (e.g., design, requirements, and test cases),
- use LLMs to generate structured explanations of root causes and possible remediations, and
- evaluate the quality of these explanations against expert analyses or ground-truth datasets.
The expected outcome is a configurable framework that can assist security researchers and developers by automating parts of vulnerability triage and providing insights into common root causes and possible remediations.
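A sketch of the three-step pipeline described above, as an added example that is not part of this posting or of any RISE project: a constructed vulnerability report is turned into a prompt that demands a JSON explanation, the model's answer is validated (including a check that the evidence lines it cites actually exist in the snippet, one simple guard against the hallucination problem noted above), and the result is scored against a constructed expert record. The report, the canned `fake_llm` answer, the identifier `VULN-EXAMPLE-1`, the ground truth and the field names are all invented for illustration; `call_llm` is the only piece to replace with a real model client.

```python
import json
import re
from dataclasses import dataclass
from typing import Callable, Dict, List

# Step 1: a constructed vulnerability report (not a real CVE), in the shape a
# preprocessor might emit after joining a report with the affected code.
REPORT = {
    "id": "VULN-EXAMPLE-1",
    "summary": "Unauthenticated users can read any order via /api/orders/<id>.",
    "file": "orders.py",
    "snippet": [
        "def get_order(request, order_id):",
        "    order = Order.objects.get(pk=order_id)",
        "    return JsonResponse(order.to_dict())",
    ],
}

# Hypothetical schema for a structured explanation (our choice, not a standard).
REQUIRED_FIELDS = ("cwe_id", "root_cause", "flawed_assumption", "remediation", "evidence_lines")


def build_prompt(report: Dict) -> str:
    """Step 2a: ask for JSON in a fixed schema so the answer can be validated
    and compared mechanically instead of read as free text."""
    numbered = "\n".join(f"{i + 1}: {line}" for i, line in enumerate(report["snippet"]))
    return (
        f"Vulnerability {report['id']}: {report['summary']}\n"
        f"File {report['file']}:\n{numbered}\n\n"
        "Explain the root cause. Respond with JSON only, with keys: "
        + ", ".join(REQUIRED_FIELDS)
        + ". evidence_lines must list the line numbers above that support the claim."
    )


@dataclass
class Explanation:
    cwe_id: str
    root_cause: str
    flawed_assumption: str
    remediation: str
    evidence_lines: List[int]


def parse_explanation(model_output: str, report: Dict) -> Explanation:
    """Step 2b: validate the model output. Missing keys, a malformed CWE id, or
    evidence pointing at lines that do not exist are rejected; the last check
    catches one common hallucination (citing code that is not there)."""
    match = re.search(r"\{.*\}", model_output, re.S)  # tolerate chatter around the JSON
    if not match:
        raise ValueError("no JSON object in model output")
    data = json.loads(match.group(0))
    missing = [k for k in REQUIRED_FIELDS if k not in data]
    if missing:
        raise ValueError(f"missing fields: {missing}")
    if not re.fullmatch(r"CWE-\d+", str(data["cwe_id"])):
        raise ValueError(f"malformed CWE id: {data['cwe_id']}")
    n_lines = len(report["snippet"])
    bad = [n for n in data["evidence_lines"] if not (1 <= n <= n_lines)]
    if bad:
        raise ValueError(f"evidence cites non-existent lines: {bad}")
    return Explanation(**{k: data[k] for k in REQUIRED_FIELDS})


def is_grounded(model_output: str, report: Dict) -> bool:
    """True iff the output parses and every cited evidence line is real."""
    try:
        parse_explanation(model_output, report)
        return True
    except (ValueError, TypeError, KeyError):
        return False


def _tokens(text: str) -> set:
    return set(re.findall(r"[a-z0-9]+", text.lower()))


def evaluate(pred: Explanation, truth: Dict) -> Dict[str, float]:
    """Step 3: compare with an expert record. Exact match on the CWE class plus
    Jaccard overlap of remediation wording (a crude proxy; a real study would
    use expert rubrics or a curated ground-truth dataset)."""
    cwe_match = 1.0 if pred.cwe_id == truth["cwe_id"] else 0.0
    a, b = _tokens(pred.remediation), _tokens(truth["remediation"])
    jaccard = len(a & b) / len(a | b) if a | b else 0.0
    return {"cwe_match": cwe_match, "remediation_jaccard": round(jaccard, 3)}


def run_pipeline(report: Dict, call_llm: Callable[[str], str], truth: Dict) -> Dict[str, float]:
    """Glue for steps 1-3; call_llm is any function mapping a prompt to text."""
    return evaluate(parse_explanation(call_llm(build_prompt(report)), report), truth)


def fake_llm(prompt: str) -> str:
    """Constructed stand-in for a model: a canned answer for REPORT above."""
    return ('Here is the analysis:\n{"cwe_id": "CWE-639", '
            '"root_cause": "order_id from the URL is used directly as the primary key", '
            '"flawed_assumption": "the caller assumed the router enforces ownership", '
            '"remediation": "filter the query by the authenticated user before returning the order", '
            '"evidence_lines": [2, 3]}')


GROUND_TRUTH = {  # constructed expert record for the same report
    "cwe_id": "CWE-639",
    "remediation": "filter orders by the authenticated user and return 404 otherwise",
}

if __name__ == "__main__":
    print(run_pipeline(REPORT, fake_llm, GROUND_TRUTH))
```

The evidence-line check is deliberately cheap: it cannot tell whether the explanation is right, only whether the model is pointing at code that exists, which is the kind of mechanical filter worth applying before any expert spends time reading an explanation.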
Qualifications
Candidates are expected to be enrolled in a master's program in a field related to computer science and engineering. Having already completed AI-related courses and/or gained working experience with AI/LLMs is an advantage. Knowledge of cybersecurity is also an advantage.
Terms
As master's thesis candidate(s) on this project, the student(s) will work with researchers from the Systems Engineering and Dependable Transport Systems units at RISE. RISE will provide support to perform the thesis work. The thesis is based in Gothenburg, and physical presence is expected to some degree. The start is at the beginning of 2026. We encourage applications from two students who want to work together on the project.
Compensation: 1,000 SEK per credit after project completion and approval, if more than one student. 1,333 SEK per credit after project completion and approval, if one student.
Welcome with your application!
Last day of application: 30 Nov 2025
Contact: Rodi Jolak +46 10 228 42 56
Category: Student - Thesis
Locations: Gothenburg
About RISE Research Institutes of Sweden AB
RISE is Sweden’s research institute and innovation partner. Through our international collaboration programmes with industry, academia and the public sector, we ensure the competitiveness of the Swedish business community on an international level and contribute to a sustainable society. Our almost 3300 employees engage in and support all types of innovation processes. RISE is an independent, State-owned research institute, which offers unique expertise and over 130 testbeds and demonstration environments for future-proof technologies, products and services.