SmallScan is a private research project I'm currently working on. The goal is to develop an LLM-driven web security testing tool that works reliably with smaller language models. The focus of the research is on:
- efficient orchestration of simple, dedicated "agents" that allows complex tests to be divided into small subtasks
- developing reproducible, traceable, and comprehensible execution flows
- developing and implementing reusable "agent team" patterns
As frontier models become more powerful, there is a growing risk of delegating too much of the cognitive work to them. While the performance of these models is indeed impressive, it comes at the price of less understandable results and more hidden failure modes. The idea behind SmallScan is that good engineering, solid domain knowledge, and insights from various research areas, ranging from argumentation theory to software verification, can be leveraged to build powerful "agentic" tools with smaller open-weight models.
Notes, results, and code will appear here as the work progresses.
(To be continued)