The latest articles on DEV Community by mr_miou (@miou). https://dev.to/miou https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3950980%2F886a42c8-aefd-4885-872b-d289940aa54f.png https://dev.to/miou en mr_miou Mon, 25 May 2026 15:42:49 +0000 https://dev.to/miou/why-most-ai-fails-at-idor-and-how-amas-fixes-it-with-causal-reasoning-517k https://dev.to/miou/why-most-ai-fails-at-idor-and-how-amas-fixes-it-with-causal-reasoning-517k <h2> The problem no one talks about </h2> <p>Large language models are great at pattern matching.<br><br> Show them enough “vulnerable” examples, and they learn the <em>words</em> – not the <em>reason</em>.</p> <p>That’s why they struggle with <strong>logical vulnerabilities</strong> like IDOR, privilege escalation, and workflow bypasses.</p> <p>These attacks depend on <em>who</em> the actor is, <em>who</em> owns the resource, and <em>where</em> the trust boundary sits – not just on the presence of keywords like “authorization”.</p> <h2> Enter AMAS </h2> <p><strong>AMAS</strong> (AI Multi‑Agent Security Analysis System) is a security reasoning substrate.<br><br> It doesn’t teach the model to memorise patterns.<br><br> It teaches it to understand <strong>causality</strong>.</p> <p>Instead of “this is an IDOR”, AMAS models:</p> <ul> <li> <strong>Identity &amp; Session</strong> – who is the actor? who is the owner? </li> <li> <strong>Enforcement failures</strong> – which security control was missing or broken? </li> <li> <strong>Temporal transitions</strong> – what changed before and after the request? </li> <li> <strong>Causal graphs</strong> – how does a chain of events lead to a breach?</li> </ul> <h2> How it works (in a nutshell) </h2> <ol> <li> <strong>Ingest real‑world CVEs</strong> – streaming NVD feeds, filter by relevance (access control, auth, business logic). </li> <li> <strong>Convert each CVE into a causal graph</strong> – extract actors, resources, trust boundaries, and missing controls. </li> <li> <strong>Mix with high‑quality synthetic data</strong> – generated by a semantic mutation engine that changes <em>mechanics</em> (infrastructure, auth model, async behaviour), not just wording. </li> <li> <strong>Quality control</strong> – deduplication, domain coherence checks, repetition validation. </li> <li> <strong>Export</strong> – <code>train.jsonl</code> ready for fine‑tuning, plus detailed manifests.</li> </ol> <p>Everything is <strong>deterministic</strong> (same seed → same dataset) and <strong>scalable</strong> (handles 200k+ CVEs).</p> <h2> Results (so far) </h2> <p>After fine‑tuning a Mistral‑7B model on AMAS‑generated data:</p> <ul> <li>✅ <strong>Generalisation</strong> – same vulnerability, different wording → correctly identified. </li> <li>✅ <strong>Negative tests</strong> – secure login requests → no false alarms. </li> <li>✅ <strong>Domain shift</strong> – secure scenarios in fintech, e‑commerce, healthcare → all classified correctly. </li> </ul> <p>Duplication dropped from <strong>52% to &lt;10%</strong>, and domain corruption was <strong>eliminated</strong> in the latest pipeline.</p> <h2> Next steps </h2> <ul> <li>Open‑source release (GitHub) – complete pipeline, docs, examples. </li> <li>Research paper (causal reasoning + identity‑aware training). </li> <li>Pre‑trained model weights.</li> </ul> <h2> Why share this now? </h2> <p>Because the industry keeps building pattern‑matching scanners.<br><br> We need <strong>reasoning engines</strong>. </p> <p>If you’re into AI security, causal ML, or synthetic data – let’s connect.<br><br> I’ll drop the repo link here as soon as it’s public.</p> <p><em>Comments and questions are very welcome. Let’s make AI actually understand security.</em></p> ai security llm cybersecurity