Saved in:
Bibliographic Details
Main Authors: Lassoued, Aymen, Mbarek, Nacef, Dardouri, Bechir, Ouni, Bassem, Li, Qing, Karray, Fakhri
Format: Preprint
Published: 2026
Subjects:
Online Access:https://arxiv.org/abs/2603.28309
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866912988532834304
author Lassoued, Aymen
Mbarek, Nacef
Dardouri, Bechir
Ouni, Bassem
Li, Qing
Karray, Fakhri
author_facet Lassoued, Aymen
Mbarek, Nacef
Dardouri, Bechir
Ouni, Bassem
Li, Qing
Karray, Fakhri
contents Vulnerability detection in C programs is a critical challenge in software security. Although large language models (LLMs) achieve strong detection performance, their multi-billion-parameter scale makes them impractical for integration into development workflows requiring low latency and continuous analysis. We introduce VULNSCOUT-C, a compact transformer architecture with 693M total parameters (353M active during inference), derived from the Qwen model family and optimized for C code vulnerability detection. Alongside the model, we present VULNSCOUT, a new 33,565-sample curated dataset generated through a controlled multi-agent pipeline with formal verification, designed to fill coverage gaps in existing benchmarks across underrepresented CWE categories. Evaluated on a standardized C vulnerability detection benchmark, VULNSCOUT-C outperforms all evaluated baselines, including state-of-the-art reasoning LLMs and commercial static analysis tools, while offering a fraction of their inference cost. These results demonstrate that task-specialized compact architectures can match or even outperform the detection capability of models orders of magnitude larger, making continuous, low-latency vulnerability analysis practical within real-world development workflows.
format Preprint
id arxiv_https___arxiv_org_abs_2603_28309
institution arXiv
publishDate 2026
record_format arxiv
spellingShingle VulnScout-C: A Lightweight Transformer for C Code Vulnerability Detection
Lassoued, Aymen
Mbarek, Nacef
Dardouri, Bechir
Ouni, Bassem
Li, Qing
Karray, Fakhri
Cryptography and Security
Vulnerability detection in C programs is a critical challenge in software security. Although large language models (LLMs) achieve strong detection performance, their multi-billion-parameter scale makes them impractical for integration into development workflows requiring low latency and continuous analysis. We introduce VULNSCOUT-C, a compact transformer architecture with 693M total parameters (353M active during inference), derived from the Qwen model family and optimized for C code vulnerability detection. Alongside the model, we present VULNSCOUT, a new 33,565-sample curated dataset generated through a controlled multi-agent pipeline with formal verification, designed to fill coverage gaps in existing benchmarks across underrepresented CWE categories. Evaluated on a standardized C vulnerability detection benchmark, VULNSCOUT-C outperforms all evaluated baselines, including state-of-the-art reasoning LLMs and commercial static analysis tools, while offering a fraction of their inference cost. These results demonstrate that task-specialized compact architectures can match or even outperform the detection capability of models orders of magnitude larger, making continuous, low-latency vulnerability analysis practical within real-world development workflows.
title VulnScout-C: A Lightweight Transformer for C Code Vulnerability Detection
topic Cryptography and Security
url https://arxiv.org/abs/2603.28309