Large Language Models For Automatic Bug Finding In Source Code Analysis H/F

Large language models for automatic bug finding in source code analysis H/F — Internship in Grenoble, France.

Mathematics, information, scientific, software

Internship

Large language models for automatic bug finding in source code analysis H/F

JOIN US, TO DO WHAT?

Contribute to technological innovation for clean and safe energy, health and well-being, sustainable transportation, information and communications, space exploration, safety and security: that is the mission of CEA - Leti. In the context of an ITSEF, the security evaluation of a software component requires a source code review (audit) performed by an evaluator who needs to be assisted by static analysis tools that can be configured and customized to help checking security requirements. The code analysis methodology at Leti ITSEF comprises two operations: (1) extract a piece of source code to verify a property, (2) attempt to automatically prove the property, and if the status is unknown (proof failed) search path conditions to violate the property. Such violations may reveal vulnerabilities to be exploited by malicious input data combined with fault injection.

As an intern at CEA, you will work in a world-renowned research environment with teams of experts, offering a framework conducive to learning and collaboration. You will have access to state-of-the-art equipment and research resources to carry out your assignments.

(1) Investigate how LLM can be used to assist evaluators in automatically finding bugs in source code, e.g., exploring how AI could assist in generating formal specifications, a long repetitive and complex process.

(2) Assess how LLMs perform and can be complementary to traditional tools used for evaluation (formal methods, using Frama-C and Lazart).

• Literature review of LLM solutions for automatic bug finding.
• Test of LLMs on open benchmarks of source code containing vulnerabilities ([3,4]).
• Evaluation of a scope where LLMs are relevant (where they perform better than traditional tools, where they can be complementary to assist the evaluator).
• Proposition of a methodology to assist source code analysis with LLMs.

References

[2] Lacombe, G., Feliot, D., Boespflug, E. et al. Combining static analysis and dynamic symbolic execution in a toolchain to detect fault injection vulnerabilities. J Cryptogr Eng 14, 147–164 (2024). https://doi.org/10.1007/s13389-023-00310-8

[3] WooKey challenge: https://wookey-project.github.io/

[4] ANSSI, Amossys, EDSI, LETI, Lexfo, Oppida, Quarkslab, SERMA, Synacktiv, Thales, Trusted Labs. (2020) Inter-CESTI: Methodological and Technical Feedbacks on Hardware Devices Evaluations. https://www.sstic.org/2020/presentation/inter-cesti_methodological_and_technical_feedbacks_on_hardware_devices_evaluations/

LLM, IA, static code analysis, Formal methods, cybersecurity

We are looking for a motivated and curious candidate (BAC+5) in cybersecurity to join our team. The candidate must have good programming skills (Python, C, assembly, …) and some basic knowledge in artificial intelligence, embedded system security, vulnerability exploits.

A prior technical knowledge in formal methods for static code analysis is highly valued. A proactive and autonomous profile, an enthusiasm for scientific research are encouraged.

An internship in the heart of the Grenoble metropolitan area, easily accessible via the CEA\'s soft mobility program.

A unique research environment dedicated to topics with high societal impact.

Experience in a cutting-edge field of innovation with strong industrial development potential.

Training to strengthen skills or acquire new ones in embedded electronics, information technology, telecommunications, and/or cybersecurity.

In accordance with the CEA\'s commitments to the integration of people with disabilities, this job is open to all. The CEA offers accommodations and/or organizational possibilities for inclusion of workers with disabilities.

Grenoble

Grenoble

Grenoble

Not specified

BAC+5 preferred

02/02/2026

The French Alternative Energies and Atomic Energy Commission (CEA) is a key player in research, development and innovation in four main areas: defence and security, nuclear energy, technological research for industry, and fundamental research in physical and life sciences. The CEA collaborates with academic and industrial partners and is established in ten centers across France. The ITSEF at CEA-Leti provides security evaluations for industrial products to obtain certification and conducts security tests and audits of design and production sites.