How to scan your code bases using AI for vulnerabilities with Jeff McJunkin

limacharlie logo
LimaCharlie
Apr 23, 2026
LimaCharlie

Join us for this week's Defender Fridays as Jeff McJunkin, Founder of Rogue Valley Information Security, walks through how he built an AI-powered pipeline to scan large codebases for real, exploitable vulnerabilities, using the Linux kernel as his proving ground.

At Defender Fridays, we delve into the dynamic world of information security, exploring its defensive side with seasoned professionals from across the industry. Our aim is simple yet ambitious: to foster a collaborative space where ideas flow freely, experiences are shared, and knowledge expands.

What We'll Discuss

In this episode, Jeff McJunkin pulls back the curtain on a multi-stage agentic pipeline that goes from wild accusation to validated kernel exploit, and shares what that process looks like when you're running millions of tokens across multiple frontier models simultaneously.

Key Topics:

  • Why verifiable rewards matter when using LLMs for vulnerability research
  • How to structure a multi-stage pipeline: finding, validation, minimization, and exploitation
  • Using kernel address sanitizer as a hard gate before investing further compute
  • How multiple frontier models (Claude, GPT, Gemini) each play different roles in the workflow
  • Why Postgres and boring technology beat complexity at scale
  • What this approach looks like applied defensively to your own internal codebase

About Our Guest

Jeff McJunkin is the Founder of Rogue Valley Information Security and an instructor at SANS. A practitioner with deep offensive security roots, Jeff has spent months building and iterating on an agentic vulnerability research pipeline targeting the Linux kernel, and has the confirmed findings to show for it.

Register for Live Sessions

Join us every Friday at 10:30am PT for live, interactive discussions with industry experts. Whether you're a seasoned professional or just curious about the field, these sessions offer an engaging dialogue between our guests, hosts, and you, our audience.

Register here: https://limacharlie.io/defender-fridays

Subscribe to our YouTube channel and hit the notification bell to never miss a live session or catch up on past episodes on our website!

Sponsored by LimaCharlie

This episode is brought to you by LimaCharlie, the Agentic SecOps Workspace (ASW), where AI agents operate security infrastructure using the same controls and authority as human analysts, with every action visible, governed, and auditable.

Why LimaCharlie?

  • Eliminate vendor sprawl and tool complexity
  • Deploy and scale effortlessly on native multi-tenant architecture
  • Reduce costs with intelligent data routing and free 1-year retention
  • Build custom solutions with 100+ security capabilities on-demand
  • Accelerate response with agentic AI that acts directly within predefined workflows

Try the Agentic SecOps Workspace free: https://limacharlie.io
Learn more: https://docs.limacharlie.io

Follow LimaCharlie

Sign up for free: https://limacharlie.io
LinkedIn: / limacharlieio
X: https://x.com/limacharlieio
Community Discourse: https://community.limacharlie.com/

Host: Maxime Lamothe-Brassard - Founder at LimaCharlie
Guest: Jeff McJunkin - Founder at Rogue Valley Information Security

#defenderfridays #limacharlie #cybersecurity #infosec #secops #aiagents #vulnerabilityresearch

Copyright © 2026 OpsMatters™. All rights reserved.