Skip to content
Luigi Colluto edited this page Jul 14, 2026 · 2 revisions

👁️ Argo — LLM-native static vulnerability detection

Argus Panoptes, the all-seeing watchman — a hundred eyes on your code.

Argo finds security vulnerabilities in source code by driving an LLM as the analyst — it reads the code the way a human auditor would, rather than matching rules against a graph. Point it at any codebase — a local folder, a private repo, or a public one — and it produces a reviewable vulnerability report.

The core idea: start from reusable general prompts and automatically enrich them with target-specific context (stack, endpoints, docs, advisory history), so every audit runs with tailored prompts instead of generic ones. It runs on whatever you have: Claude Code, the Codex CLI (OpenAI), or a local open-source model.

End-to-end pipeline flow

Where Argo sits

Argo is an LLM-native SAST — a complement and alternative to rule-based static analyzers (CodeQL, Semgrep): nothing to write (no queries, no rule packs), and it catches logic/authorization bugs that fixed patterns miss, at the cost of being probabilistic rather than exhaustive (see Design Decisions). It is static by design — it never executes the target (a hard guardrail), so it is not a DAST, fuzzer, or symbolic executor.

Bug-bounty triage is one specialized mode (scope/RoE ingest, submission drafts, cross-run resubmission tracking), not the whole tool — see Two Modes.

Start here

New to Argo? Read in this order:

  1. Getting Started — install, first run, the zero-cost modes.
  2. Two Modes — general code audit vs. bug-bounty triage.
  3. Architecture — the module map and the 5+ pipeline stages.
  4. Guardrails & Safety — the non-negotiable rules, and exactly where they're enforced in code.

What Argo does, one page per feature

Feature What it buys you
Threat-Informed Audit Opt-out web OSINT (CVEs, advisories, project history) feeds the audit before it starts.
Archetype-Driven Prompts Classifies the software first, then writes custom, ground-truth-baked audit prompts for it.
Adversarial Validation A second model tries to refute every finding before it survives.
Docs & History Corroboration Cross-checks survivors against the project's own docs and VCS history.
Design-Aware Impact Discipline Injects the vendor's accepted-by-design behaviors; blocks reflexive over-claiming.
Multi-Backend Same pipeline on Claude Code, the Codex CLI, or a local/OSS model — plus multi-account fallback.
Remediation & Fixes Opt-in: proposes a patch per finding and verifies it compiles on an isolated copy.
Interrogation Chat Ask "why didn't you find X?" — with a real re-validation path, not just a chatty answer.
Runtime Verification Opt-in: boots the OSS target in a sealed sandbox and confirms findings with a real HTTP PoC.
Live Verification Opt-in, authorized-only: bounded, in-scope, read-only requests against the program's real hosts.
Benchmarks & Costs Precision/recall/F1 against labeled suites, paired with real triager accept-rate and observed cost.
Web UI Paste a program, point at a repo, watch the run live, read the results — no CLI needed.

Reference

Principles (read this before pointing Argo at anything)

Argo is for authorized security review only — your own code, bug-bounty programs with safe harbor, CTFs, or research. Three constraints are enforced in the orchestrator, not left to the prompts: it never auto-submits, it never contacts a live host by default, and the repo is always mounted read-only. Full detail: Guardrails & Safety.

License

Apache License 2.0. Argo is detection-only; you are responsible for staying within the scope and rules of engagement of any program you point it at.

Clone this wiki locally