
1
1
India
1 year of experience
Hello, I'm Sagnik. I'm currently pursuing my Bachelor of Technology degree in Electrical Engineering at IIT Kharagpur. My interest lies in Machine Learning, Artifical Intelligence and Autonomous Systems and their bridge with electronics. I'm also currently exploring the domain of competitive coding and low latency systems. I look forward to insightful discussions and connecting with new individuals.

KAVACH (Knowledge-driven Autonomous Vulnerability Assessment, Correction & Hardening) automates the detect-diagnose-patch-verify loop for web application vulnerabilities, replacing the manual bottleneck between security alerts and shipped fixes. A Log Monitor watches traffic in real time; a Forensic Investigator (LLM-driven) localizes the vulnerable code and cross-checks the finding against the actual source file to prevent hallucinated line numbers; a Patch Engineer rewrites the broken logic; and a Sandbox Test Harness re-fires the original exploit against an isolated copy of the app, only shipping the patch if it holds. Reliability comes from a five-layer safety stack: schema-constrained LLM output, confidence thresholding, source-line validation, in-memory AST syntax checks before any disk write, and a final sandbox exploit re-test. If the LLM fails or hallucinates, KAVACH switches to a deterministic, rule-based fallback using pre-written safe replacements instead of trusting generative output. This was stress-tested by deliberately swapping in Llama 4 Scout 17B, which produced confidently wrong patches — all caught and discarded by the AST layer, with 0% leakage recorded. KAVACH currently handles five vulnerability classes: SQL injection, command injection, path traversal, insecure deserialization, and SSRF. It runs fully on-premises on an AMD Radeon Pro Wseries GPU with a locally-served 14B coder model, keeping unpatched source code off any public cloud. Current limitations: it scans a single source file rather than a full repository, and the deterministic fallback requires manual rule-writing for each new vulnerability type.
13 Jul 2026