GenAI Automated CVE Fixer
An LLM-driven pipeline that automatically remediates known security vulnerabilities across an enterprise codebase, replacing slow manual patching.
Security teams at a Fortune-class logistics enterprise were manually triaging and patching CVEs across a large codebase — a slow, repetitive process that left exposure windows open longer than acceptable.
Designed and built an automated CVE remediation pipeline that uses generative LLMs to identify affected code, generate fixes, and route them through existing review gates — keeping a human in the loop while removing the manual drudgery.
Projected ~$1.3M in annual savings (2023) from reduced manual remediation effort and faster vulnerability closure.
The core design bet was pairing LLM generation with deterministic guardrails: the model proposes remediations, but every change still flows through the organization’s normal review and CI gates rather than being applied blindly. That boundary is what made it deployable in an enterprise security context rather than a demo.
The value isn’t novelty — it’s taking a high-volume, low-judgment task off security engineers’ plates and compressing the exposure window between CVE disclosure and patched deployment. The $1.3M savings projection followed directly from the labor removed: engineers freed from routine patching redirected to work that required judgment.
This was also the first production use of generative AI for code modification at the organization, which meant the governance framing — human review gate, audit trail, rollback path — was as much the deliverable as the model itself.
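The "model proposes, deterministic guardrails decide" boundary described above, together with the review gate and audit trail, as an added illustration in Python. This is hypothetical code written for this page, not the organization's pipeline; the CVE id, file paths, size cap and protected-path list are all assumed placeholders.

```python
import hashlib
from dataclasses import dataclass
from typing import Optional

MAX_DIFF_LINES = 200                        # assumed cap; larger patches go back to a human
PROTECTED_PREFIXES = (".github/", "ci/")    # assumed: the model may never edit the CI gates

@dataclass(frozen=True)
class Proposal:
    cve_id: str          # placeholder id, not a real advisory
    diff: str            # unified diff the model produced
    scope: frozenset     # files the scanner mapped to this CVE

def files_touched(diff: str) -> set:
    """Files the diff modifies, read from its '+++ b/<path>' headers."""
    return {line[6:].strip() for line in diff.splitlines() if line.startswith("+++ b/")}

def policy_violations(p: Proposal) -> list:
    """Deterministic checks that run before any human sees the change."""
    problems = []
    touched = files_touched(p.diff)
    if not touched:
        problems.append("empty diff")
    out_of_scope = touched - p.scope
    if out_of_scope:
        problems.append(f"touches files outside CVE scope: {sorted(out_of_scope)}")
    if any(f.startswith(PROTECTED_PREFIXES) for f in touched):
        problems.append("modifies protected CI/pipeline files")
    if len(p.diff.splitlines()) > MAX_DIFF_LINES:
        problems.append("diff exceeds size cap")
    return problems

def decide(p: Proposal, ci_passed: bool, approver: Optional[str]) -> dict:
    """Gate order: policy, then CI, then a named human approval. Every outcome is audited
    with the diff hash so the exact change can be traced and rolled back later."""
    record = {"cve": p.cve_id, "diff_sha256": hashlib.sha256(p.diff.encode()).hexdigest()}
    violations = policy_violations(p)
    if violations:
        return {**record, "decision": "rejected", "reason": "; ".join(violations)}
    if not ci_passed:
        return {**record, "decision": "rejected", "reason": "CI failed"}
    if approver is None:
        return {**record, "decision": "pending", "reason": "awaiting human approval"}
    return {**record, "decision": "merged", "approver": approver}

# Constructed sample: the model fixes the mapped file but also edits a workflow file.
FIX_HUNK = ["--- a/app/http_client.py", "+++ b/app/http_client.py",
            "@@ -1 +1 @@", "-    verify=False", "+    verify=True"]
CI_HUNK = ["--- a/.github/workflows/ci.yml", "+++ b/.github/workflows/ci.yml",
           "@@ -1 +1 @@", "-run: pytest", "+run: true"]
CLEAN_DIFF = "\n".join(FIX_HUNK)
OVERREACH_DIFF = "\n".join(FIX_HUNK + CI_HUNK)
```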