{"id":"https://openalex.org/W4411271117","doi":"https://doi.org/10.1109/raie66699.2025.00005","title":"Insights and Current Gaps in Open-Source LLM Vulnerability Scanners: A Comparative Analysis","display_name":"Insights and Current Gaps in Open-Source LLM Vulnerability Scanners: A Comparative Analysis","publication_year":2025,"publication_date":"2025-04-29","ids":{"openalex":"https://openalex.org/W4411271117","doi":"https://doi.org/10.1109/raie66699.2025.00005"},"language":"en","primary_location":{"id":"doi:10.1109/raie66699.2025.00005","is_oa":false,"landing_page_url":"https://doi.org/10.1109/raie66699.2025.00005","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 IEEE/ACM International Workshop on Responsible AI Engineering (RAIE)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5054599853","display_name":"Jonathan Brokman","orcid":"https://orcid.org/0000-0001-6164-0253"},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Jonathan Brokman","raw_affiliation_strings":["Fujitsu Research"],"affiliations":[{"raw_affiliation_string":"Fujitsu Research","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5092189525","display_name":"Omer Hofman","orcid":"https://orcid.org/0009-0006-0136-9792"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Omer Hofman","raw_affiliation_strings":["Fujitsu Research"],"affiliations":[{"raw_affiliation_string":"Fujitsu Research","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5114475508","display_name":"Oren Rachmil","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Oren Rachmil","raw_affiliation_strings":["Fujitsu Research"],"affiliations":[{"raw_affiliation_string":"Fujitsu Research","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101889791","display_name":"Inderjeet Singh","orcid":"https://orcid.org/0000-0003-3011-3199"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Inderjeet Singh","raw_affiliation_strings":["Fujitsu Research"],"affiliations":[{"raw_affiliation_string":"Fujitsu Research","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5114601830","display_name":"Vikas Pahuja","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Vikas Pahuja","raw_affiliation_strings":["Fujitsu Research"],"affiliations":[{"raw_affiliation_string":"Fujitsu Research","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5114601829","display_name":"Rathina Sabapathy","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Rathina Sabapathy","raw_affiliation_strings":["Fujitsu Research"],"affiliations":[{"raw_affiliation_string":"Fujitsu Research","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5065424056","display_name":"A. Priya","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Aishvariya Priya","raw_affiliation_strings":["Fujitsu Research"],"affiliations":[{"raw_affiliation_string":"Fujitsu Research","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5074215663","display_name":"Amit Giloni","orcid":"https://orcid.org/0000-0001-6496-0148"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Amit Giloni","raw_affiliation_strings":["Fujitsu Research"],"affiliations":[{"raw_affiliation_string":"Fujitsu Research","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5091417920","display_name":"Roman Vainshtein","orcid":"https://orcid.org/0000-0001-7033-5373"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Roman Vainshtein","raw_affiliation_strings":["Fujitsu Research"],"affiliations":[{"raw_affiliation_string":"Fujitsu Research","institution_ids":[]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5077629763","display_name":"Hisashi Kojima","orcid":"https://orcid.org/0000-0002-0973-1673"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Hisashi Kojima","raw_affiliation_strings":["Fujitsu Research"],"affiliations":[{"raw_affiliation_string":"Fujitsu Research","institution_ids":[]}]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":10,"corresponding_author_ids":["https://openalex.org/A5054599853"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.21623839,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"8"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.9750000238418579,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.9750000238418579,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10927","display_name":"Access Control and Trust","score":0.974399983882904,"subfield":{"id":"https://openalex.org/subfields/3312","display_name":"Sociology and Political Science"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9724000096321106,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.615534782409668},{"id":"https://openalex.org/keywords/current","display_name":"Current (fluid)","score":0.596886396408081},{"id":"https://openalex.org/keywords/open-source","display_name":"Open source","score":0.5436976552009583},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.5010101795196533},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.18826261162757874},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.18489795923233032},{"id":"https://openalex.org/keywords/electrical-engineering","display_name":"Electrical engineering","score":0.1478683054447174},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.14440622925758362},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.10178211331367493}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.615534782409668},{"id":"https://openalex.org/C148043351","wikidata":"https://www.wikidata.org/wiki/Q4456944","display_name":"Current (fluid)","level":2,"score":0.596886396408081},{"id":"https://openalex.org/C3018397939","wikidata":"https://www.wikidata.org/wiki/Q3644502","display_name":"Open source","level":3,"score":0.5436976552009583},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.5010101795196533},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.18826261162757874},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.18489795923233032},{"id":"https://openalex.org/C119599485","wikidata":"https://www.wikidata.org/wiki/Q43035","display_name":"Electrical engineering","level":1,"score":0.1478683054447174},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.14440622925758362},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.10178211331367493}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/raie66699.2025.00005","is_oa":false,"landing_page_url":"https://doi.org/10.1109/raie66699.2025.00005","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 IEEE/ACM International Workshop on Responsible AI Engineering (RAIE)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":38,"referenced_works":["https://openalex.org/W4240226086","https://openalex.org/W4309395891","https://openalex.org/W4366588626","https://openalex.org/W4384918448","https://openalex.org/W4385374425","https://openalex.org/W4385573644","https://openalex.org/W4386228564","https://openalex.org/W4387559087","https://openalex.org/W4388858734","https://openalex.org/W4388886073","https://openalex.org/W4389599215","https://openalex.org/W4390497390","https://openalex.org/W4391709828","https://openalex.org/W4392223570","https://openalex.org/W4395064704","https://openalex.org/W4399269390","https://openalex.org/W4399794780","https://openalex.org/W4400582517","https://openalex.org/W4401863475","https://openalex.org/W4403585381","https://openalex.org/W4403885302","https://openalex.org/W4405030004","https://openalex.org/W4405181600","https://openalex.org/W4409348010","https://openalex.org/W4410609100","https://openalex.org/W6854866820","https://openalex.org/W6855469472","https://openalex.org/W6856716710","https://openalex.org/W6857038892","https://openalex.org/W6858023062","https://openalex.org/W6858981908","https://openalex.org/W6861236866","https://openalex.org/W6862628023","https://openalex.org/W6865177968","https://openalex.org/W6869173661","https://openalex.org/W6873244045","https://openalex.org/W6873571598","https://openalex.org/W6874698745"],"related_works":["https://openalex.org/W4391375266","https://openalex.org/W2899084033","https://openalex.org/W2748952813","https://openalex.org/W2390279801","https://openalex.org/W4391913857","https://openalex.org/W2358668433","https://openalex.org/W4396701345","https://openalex.org/W2376932109","https://openalex.org/W2001405890","https://openalex.org/W4396696052"],"abstract_inverted_index":{"We":[0,89],"present":[1,30],"a":[2,124,133],"comparative":[3],"analysis":[4],"of":[5,64,97,103],"open-source":[6],"tools":[7],"that":[8,81],"scan":[9],"conversational":[10],"large":[11],"language":[12],"models":[13],"(LLMs)":[14],"for":[15,127,154],"vulnerabilities,":[16],"in":[17,119,167],"short":[18],"-":[19,59,74,80],"scanners.":[20],"As":[21],"LLMs":[22],"become":[23],"integral":[24],"to":[25,35,110,143,164],"various":[26],"applications,":[27],"they":[28],"also":[29],"potential":[31],"attack":[32],"surfaces,":[33],"exposed":[34],"security":[36],"risks":[37],"such":[38],"as":[39,57,139,159,161],"information":[40],"leakage":[41],"and":[42,55,78,94,106,157,174],"jail-break":[43],"attacks.":[44],"AI":[45],"red-teaming,":[46],"adapted":[47],"from":[48],"traditional":[49],"cyberse-curity,":[50],"is":[51],"recognized":[52],"by":[53,85],"governments":[54],"companies":[56],"essential":[58],"often":[60],"emphasizing":[61],"the":[62,91,149],"challenge":[63,84],"continuously":[65],"evolving":[66],"threats.":[67],"Our":[68],"study":[69],"evaluates":[70],"prominent,":[71],"cutting-edge":[72],"scanners":[73],"Garak,":[75],"Giskard,":[76],"PyRIT,":[77],"CyberSecEval":[79],"address":[82],"this":[83,145],"automating":[86],"red-teaming":[87],"processes.":[88],"detail":[90],"distinctive":[92],"features":[93],"practical":[95],"use":[96,176],"these":[98],"scanners,":[99],"outline":[100],"unifying":[101],"principles":[102],"their":[104],"design":[105],"perform":[107],"quantitative":[108],"evaluations":[109,114],"compare":[111],"them.":[112],"These":[113],"uncover":[115],"significant":[116],"reliability":[117],"issues":[118],"detecting":[120],"successful":[121],"attacks,":[122],"highlighting":[123],"fundamental":[125],"gap":[126],"future":[128,155],"development.":[129],"Additionally,":[130],"we":[131,151],"contribute":[132],"foundational":[134],"labeled":[135],"dataset,":[136],"which":[137],"serves":[138],"an":[140],"initial":[141],"step":[142],"bridge":[144],"gap.":[146],"Based":[147],"on":[148],"above,":[150],"provide":[152],"suggestions":[153],"regulations":[156],"standardization,":[158],"well":[160],"strategic":[162],"recommendations":[163],"assist":[165],"organizations":[166],"scanner":[168],"selection,":[169],"considering":[170],"customizability,":[171],"test-suite":[172],"comprehensiveness":[173],"industry-specific":[175],"cases.":[177]},"counts_by_year":[],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}