Detecting Cryptographically Relevant Software Packages with Collaborative LLMs

Imagine you are the security chief of a massive, bustling city (your company's IT system). This city is built from thousands of different buildings, each made of various materials (software packages). Some of these buildings contain the city's most valuable vaults and secret codes (cryptographic assets).

Now, imagine a new threat: a "Quantum Thief" is coming. This thief has a master key that can open any old-fashioned lock. To stop them, you need to find every single vault in your city and upgrade the locks to "Quantum-Proof" ones.

The Problem:
Your city is huge. There are over 65,000 buildings. Trying to walk through every single one, look at the blueprints, and decide if it contains a vault is impossible for a human team. It would take forever. Also, some vaults are hidden deep inside other buildings, making them hard to spot.

The Solution: The "Council of AI Detectives"
The researchers in this paper propose a clever solution: instead of hiring one super-expert detective, they hire a team of five different AI detectives (Large Language Models or LLMs) and ask them to work together.

Here is how their method works, broken down into simple steps:

1. The Briefing (The Prompt)

The researchers give each AI detective a "dossier" on a specific building. This dossier includes the building's name, a short description of what it does, and a list of its neighbors (dependencies).

Analogy: It's like handing a detective a file that says, "This is a bakery. It uses flour from a specific mill. Is there a secret vault inside?"

2. The Investigation (The Query)

The AI detectives read the dossier and answer a simple question: "Does this package use cryptography?"

They must answer in a specific format (like a checklist), saying "Yes" or "No."
Crucial Detail: The researchers keep these AI detectives on-premises (in their own office). They don't send the data to the cloud. This is like keeping the investigation files in a locked safe so no outside spies can see your company's secrets.

3. The Council Vote (Majority Voting)

This is the magic part. Since AI can sometimes make mistakes or get confused, the researchers don't trust just one detective.

They ask all five detectives to vote.
If 3 or more detectives say "Yes, it's a vault," then the system marks it as a cryptographic package.
Analogy: Imagine a jury. If 3 out of 5 jurors agree a suspect is guilty, the verdict is "Guilty." This "wisdom of the crowd" helps cancel out individual mistakes.

4. The Training Loop (Getting Smarter)

In the beginning, the AI detectives weren't perfect. Some gave messy answers, and some missed the vaults.

The Fix: The researchers acted like coaches. They realized that different detectives needed different instructions.
- One detective liked short, punchy instructions.
- Another needed long, detailed explanations.
They tweaked the questions (prompts) for each detective and asked them to try again. This is called Prompt Engineering.
They also fixed the "scorecards" so that if a detective wrote a messy answer, the system could still read it instead of throwing it away.

The Results

After this training, the team of AI detectives became very good at their job.

They successfully identified the "vaults" in the software city with high accuracy.
Interestingly, the smallest AI detective (who uses less computing power) was sometimes better at finding the vaults than the giant, expensive ones.
The team of five working together (the majority vote) was more reliable than any single detective working alone.

Why Does This Matter?

Speed: It turns a job that would take humans years into something that can be done in days.
Privacy: Because the AI runs locally on your own servers, you don't have to worry about sending your secret code lists to a big tech company.
Future-Proofing: It helps organizations prepare for the "Quantum Thief" by quickly finding all the old locks that need upgrading.

In a Nutshell:
This paper shows that by using a team of local AI detectives, giving them clear instructions, and letting them vote on the answer, we can quickly and safely map out all the secret cryptographic parts of our software systems. It's like having a super-efficient, privacy-focused search party to find the hidden keys before the Quantum Thief arrives.

Here is a detailed technical summary of the paper "Detecting Cryptographically Relevant Software Packages with Collaborative LLMs."

1. Problem Statement

Organizations face increasing security threats, including advanced persistent attacks and future risks from quantum computing (which threatens classical cryptographic schemes). Achieving crypto-agility—the ability to rapidly adapt cryptographic mechanisms—requires a reliable inventory of all cryptographic assets (algorithms, keys, protocols) within heterogeneous IT environments.

Current challenges include:

Scale and Complexity: Modern systems contain tens of thousands of software packages with complex dependency trees (transitive dependencies), making manual inventory impossible.
Limitations of Traditional Tools: Static code analysis and keyword-based pattern matching often fail due to language specificity, false positives, and an inability to handle obfuscated or binary-only code.
Privacy Concerns: Sending proprietary software data to external cloud-based Large Language Models (LLMs) violates data confidentiality, necessitating on-premises solutions.

2. Methodology

The authors propose a collaborative, on-premises framework that uses multiple local LLMs to heuristically identify cryptographically relevant software packages. The process follows an iterative workflow (illustrated in Figure 1 of the paper):

A. Data Collection

Dataset: 65,295 software packages from the Fedora Linux distribution were analyzed.
Input Data: For each package, the system extracts the name, description, and first-level dependencies using the dnf package manager.
Preprocessing: Version and architecture specifics are stripped to create a canonical package name, while descriptions are retained to provide context.

B. Prompt Engineering & Querying

Models: Five distinct local LLMs were deployed to ensure technical diversity and privacy:
- GPT4All Framework: gpt4all-13b-snoozy, Meta-Llama-3-8B, Nous-Hermes-2-Mistral-7B, Phi-3-mini.
- Ollama Server: DeepSeek R1 (chosen for its iterative reasoning capabilities).
Prompt Strategy: Prompts were engineered using few-shot and instruction prompting techniques. They require the LLM to output a structured JSON response containing a boolean classification (True/False for cryptographic relevance) and a justification.
Optimization: Prompts were tailored to specific models (e.g., longer, detailed prompts for larger models like DeepSeek; concise prompts for smaller models like Phi).

C. Aggregation & Consensus

Majority Voting: A collaborative strategy aggregates the outputs of $n$ models. A package is classified as "cryptographically relevant" if at least $\lfloor n/2 \rfloor + 1$ models agree.
Error Handling: A custom JSON parser handles formatting errors (missing quotes/brackets) common in LLM outputs. Unparsable responses are discarded.
Statistical Validation: The authors analyzed the Design Effect and Effective Sample Size (ESS) to quantify model correlation. They found that despite using 5 models, the effective independent sample size was only ~1.6 due to moderate correlation ( $\rho \approx 0.52$ ) among models.

D. Validation

Ground Truth: A stratified random sample of 390 packages was manually reviewed by experts to establish ground truth.
Metrics: Performance was evaluated using Accuracy, Specificity, Precision, Recall, and F1-score.
Cross-Validation: A 5-fold cross-validation was performed to ensure the robustness of the model ensemble.

3. Key Contributions

On-Premises Collaborative Framework: A novel approach that enables organizations to perform cryptographic asset discovery without exposing data to external cloud providers, utilizing a "majority vote" of local LLMs.
Heuristic Classification: Demonstrates that LLMs can effectively act as heuristic filters for cryptographic relevance, overcoming the rigidity of static analysis tools.
Iterative Optimization Strategy: The paper details a rigorous process of prompt engineering, parsing logic refinement, and model selection that significantly boosts performance.
Statistical Analysis of LLM Ensembles: Provides a statistical evaluation of model independence, showing that while models are correlated, a majority-vote strategy still yields reliable results.
Open Source Release: All code, data, and the framework (OTH-AMiQuaSy) are released as open source to facilitate reproducibility.

4. Results

The study evaluated the approach through three stages: initial testing, prompt optimization, and final ensemble selection.

Initial Performance: The raw majority vote achieved an F1-score of 0.72. Individual models varied significantly (e.g., Llama: 0.77, GPT4All: 0.53).
Impact of Optimization: After refining prompts and parsing logic:
- The Majority Vote improved to an F1-score of 0.86.
- The best individual model (DeepSeek) reached an F1-score of 0.84.
- The optimized local ensemble performance became competitive with state-of-the-art online models (e.g., GPT-5, Gemini), which achieved F1-scores between 0.83 and 0.86.
Model Selection: Through cross-validation, the optimal ensemble was identified as a combination of DeepSeek, Phi, and Mistral. This 3-model set achieved an average F1-score of 0.82 with a high Recall of 0.86, which is critical for security applications to minimize false negatives.
Correlation Insight: The study confirmed that adding more than 3–5 models yields diminishing returns due to model correlation, suggesting that a small, diverse ensemble is more efficient than a large homogeneous one.

5. Significance and Future Directions

Enabling PQC Migration: This tool provides the essential first step for Post-Quantum Cryptography (PQC) migration by automating the creation of a Cryptographic Bill of Materials (CBOM).
Privacy-Preserving Security: It proves that high-accuracy security analysis can be performed entirely on-premises, addressing a major barrier to adopting AI in enterprise security.
Practical Utility: The approach reduces the manual workload for security teams, allowing them to focus on high-priority vulnerabilities rather than scanning thousands of packages.
Future Work: The authors plan to extend the framework to extract specific cryptographic primitives (e.g., identifying RSA vs. ECC) and integrate the tool into a broader automated asset discovery framework.

In conclusion, the paper demonstrates that collaborative local LLMs, when properly optimized and aggregated, offer a robust, privacy-compliant, and highly effective solution for detecting cryptographically relevant software in complex enterprise environments.