Activeloop (YC S18) Is Hiring AI Search and Python Back End Engineers(Onsite,MV) (careers.activeloop.ai)

I'm a graduate student currently looking for a research topic in cybersecurity. I'm especially interested in analyzing source code to predict or detect vulnerabilities, but I've hit a bit of a wall and could use some fresh ideas.

If you know of any interesting or socially impactful problems—whether technical, theoretical, or policy-related—I'd really appreciate your suggestions. Anything is welcome. Thanks!

Comments (4)

jonahbenton · 11h ago

You don't mention what wall you ran into looking at source for vulnerabilities, but- with the rapid rise of LLM generated source code, at the file, module and whole repo via agents level, a systematic analysis of vulnerabilities commonly introduced by such models, of prompt types that introduce more or fewer vulnerabilities, of agentic patterns that detect vulnerabilities, etc etc- this is a HUGE space that seems nearly completely unexplored.

hogexmox · 11h ago

The main challenge I’ve faced is that my direction has felt vague, and honestly, I’ve lost sight of what kind of research is truly needed in this area right now.

My long-term goal is to develop a way to measure how secure a given software library or component is—essentially, to help developers assess the safety of a library before deciding to use it. Traditional vulnerability scanning hasn't been effective at uncovering unknown vulnerabilities in this context, so I’ve been exploring predictive approaches instead. In other words, I want to analyze code characteristics to estimate the likelihood of future vulnerabilities or assess the current security risk.

There are already many machine learning–based approaches for this kind of analysis, but I find myself unsure of what exactly should be done next. With the rapid advancement of LLMs, I also feel that LLM-based methods might soon overtake traditional machine learning approaches. But keeping up with LLMs is a challenge in itself, given how fast the field is evolving.

hogexmox · 11h ago

On the other hand, investigating the types of vulnerabilities that LLMs are likely to introduce does indeed seem like an unexplored area. That’s a great idea—thank you very much for the suggestion.

jonahbenton · 8h ago

Gotcha, yeah, hear you about the current state of vuln assessment. Many commercial vuln detect tools that work at the source level are very mature; the most critical recent issues have been supply chain- a trustworthy library suddenly becoming untrustworthy- and which could be scored (evaluating contributor behavior in the repo on top of the code itself). But google and other folks are all over oss supply chain security now, so it is more commercial/mature than research.

Going after LLM generated code will present the opposite problem- instead of "oh someone is doing this and someone is doing that and so and so is doing the other thing, what could I possibly do", you have "there is this problem and this other problem and that other other thing and no one is really paying attention to any of this, how can I pick just one thing to do." Still a tough problem but a better landscape for a researcher, looking for ways to contribute. Good luck.

Optery (YC W22) Is Hiring in Engineering, Legal, Sales, Marketing (U.S., Latam) (optery.com)

QuestDB (YC S20) Is Hiring a Technical Content Lead (questdb.com)

Depot (YC W23) Is Hiring a Technical Content Writer (Remote) (ycombinator.com)

Firebender (YC W24) Is Hiring (ycombinator.com)

Better Auth (YC X25) Is Hiring (ycombinator.com)

Kapa.ai (YC S23) is hiring a software engineers (EU remote) (ycombinator.com)

Spice Data (YC S19) Is Hiring a Product Associate (New Grad) (ycombinator.com)

Extend (YC W23) is hiring engineers to build SOTA document processing (jobs.ashbyhq.com)

Piramidal (YC W24) is hiring a full stack engineer (ycombinator.com)

Mango Health (YC W24) Is Hiring (ycombinator.com)

Resolve (YC W15) Is Hiring an Operations and Billing Lead for Construction VR

Arva AI (YC S24) Is Hiring an AI Research Engineer (London, UK) (arva.ai)

Rejoy Health (YC W21) Is Hiring (ycombinator.com)

Weave (YC W25) is hiring an AI engineer (ycombinator.com)

CoinTracker (YC W18) is hiring to solve crypto taxes and accounting (remote)

Crimson (YC X25) is hiring founding engineers in London (ycombinator.com)

Martin (YC S23) Is Hiring Founding Engineers to Build a Better Siri (ycombinator.com)

Meticulous (YC S21) is hiring in UK to redefine software dev (tinyurl.com)

Infisical (YC W23) Is Hiring DevRel Engineers (ycombinator.com)

Sieve (YC X25) is hiring researchers to build large video datasets for AI labs (sievedata.com)

Activeloop (YC S18) Is Hiring AI Search and Python Back End Engineers(Onsite,MV) (careers.activeloop.ai)

Attimet (YC F24) – Quant Trading Research Lab – Is Hiring Founding Researcher (ycombinator.com)

Metriport (YC S22) is hiring engineers to improve healthcare data exchange (ycombinator.com)

Telli (YC F24) Is Hiring Engineers [On-Site Berlin] (hi.telli.com)

Continue (YC S23) is hiring software engineers in San Francisco (ycombinator.com)

UpCodes (YC S17) is hiring a Head of Ops to automate construction compliance (up.codes)

Enhanced Radar (YC W25) is hiring a founding engineer

Converge (YC S23) well-capitalized New York startup seeks product developers (runconverge.com)

Kyber (YC W23) Is Hiring Enterprise BDRs (ycombinator.com)

MindsDB (YC W20) is hiring an AI solutions engineer (job-boards.greenhouse.io)

Recurse Center (YC S10) Is Hiring a Career Facilitator (recurse.notion.site)

Ask HN: Looking for Research Ideas in Cybersecurity (Graduate Student)

Comments (4)