Supercharging Security with AI-Powered Bug Detection

How LLMs can transform static analysis for critical systems

KNighter bridges the gap between large language models and static analysis, enabling automatic generation of specialized bug detectors for complex systems like OS kernels.

  • Synthesizes custom static analyzers from LLM-generated code, rather than applying an LLM directly to large codebases
  • Discovered 32 previously unknown bugs in Linux and FreeBSD kernels, with 11 assigned CVE numbers
  • Achieves high precision (79%) while automating a traditionally manual, expert-driven process
  • Demonstrates practical security impact by identifying real vulnerabilities without requiring manual analyzer development

This approach significantly reduces the expertise barrier for creating sophisticated static analyzers, allowing security teams to rapidly develop customized bug detectors for critical infrastructure.

KNighter: Transforming Static Analysis with LLM-Synthesized Checkers
