Static analysis tools match patterns and miss logic bugs. This paper presents CodeSight, an open-source CLI that sends code to LLMs and gets back security findings. We tested five models (GPT-5.4, Claude Opus 4.7, Gemini 3.1 Pro, Llama 4 Maverick, DeepSeek V3.2) on three known-vulnerable codebases and compared detection rates with Semgrep. LLMs found roughly twice as many vulnerabilities as pattern matching, with the biggest gains in authentication bypasses and business logic bugs. CodeSight is MIT licensed and available at https://github.com/AvixoSec/codesight.
Yevhenii Boiko (Tue,) studied this question.