VulnScout-C: A Lightweight Transformer for C Code Vulnerability Detection
Aymen Lassoued, Nacef Mbarek, Bechir Dardouri, Bassem Ouni, Qing Li, Fakhri Karray

TL;DR
VULNSCOUT-C is a compact transformer model designed for efficient C code vulnerability detection, outperforming larger models and static analysis tools in accuracy and inference cost.
Contribution
The paper introduces a lightweight transformer architecture and a new curated dataset to enhance C vulnerability detection in practical, low-latency environments.
Findings
VULNSCOUT-C outperforms state-of-the-art models and static analysis tools.
The model achieves high detection accuracy with significantly lower inference cost.
The curated dataset fills coverage gaps in existing benchmarks.
Abstract
Vulnerability detection in C programs is a critical challenge in software security. Although large language models (LLMs) achieve strong detection performance, their multi-billion-parameter scale makes them impractical for integration into development workflows requiring low latency and continuous analysis. We introduce VULNSCOUT-C, a compact transformer architecture with 693M total parameters (353M active during inference), derived from the Qwen model family and optimized for C code vulnerability detection. Alongside the model, we present VULNSCOUT, a new 33,565-sample curated dataset generated through a controlled multi-agent pipeline with formal verification, designed to fill coverage gaps in existing benchmarks across underrepresented CWE categories. Evaluated on a standardized C vulnerability detection benchmark, VULNSCOUT-C outperforms all evaluated baselines, including…
