
About Quarkslab
Quarkslab builds cutting-edge cybersecurity solutions used by security-driven companies and institutions around the world. Our QShield product suite focuses on software protection and reverse engineering resistance across desktop, mobile, and embedded platforms.
We’re not in the cloud — we build real software, tested on real systems. If you enjoy diving deep into complex technical environments, automating smart test coverage, and owning quality end-to-end, read on.
Description
Develop an AI system capable of automatically detecting misuse of cryptography in source code. Typical errors include hardcoded keys, use of ECB mode, weak random numbers, fixed initialization vectors, and use of weak parameters.
What you will do
Over the course of your 6-month internship you will work on building an AI-based source code analysis system capable of identifying the use of cryptography and detecting common misuses.
You will:
Build a labeled dataset of vulnerable and safe code snippets (from CWE/CVE sources).
Fine-tune or adapt a language model to detect misuse patterns.
Integrate the model into a static analysis or linting tool (CLI or IDE plugin).
Expected Results
A working AI-based static analyzer for crypto misuse.
A report explaining the vulnerabilities found.
Comparison / integration with existing tools (Bandit, Semgrep, CryLogger).
A presentation of your research project internally to peers, as well as a public communication (blog post, paper or conference talk) about it.
Required Skills
Programming: Python, Pandas, scikit-learn (intermediate).
Cryptography engineering: Symmetric cryptography, signing, hashing, CSPRNG (intermediate).
Static code analysis & pattern recognition (basic).
Model prompting or fine-tuning (basic).
Secure coding practices for C, C++, Python, Rust (intermediate).
Assignment
Download the AEStoy challenge and follow the instructions in the README file.