VULPO-4B

VULPO-4B serves as the FIRST specialized vulnerability detection reasoning LLM, utilizing on-policy reinforcement learning to navigate complex vulnerability reasoning paths.

💡 Key Feature:

Focuses on context-level vulnerability detection, utilizing inter-procedural contexts (global variables, type definitions, callee functions etc.) rather than isolated functions.

📄 Prompt Template (RECOMMENDED!):

We recommend to use vLLM for inference. Please set enable_thinking=True, n=8, repetition_penalty=1.1, temperature=0.6, top_p=0.95, top_k=20, min_p=0, max_tokens=32768. More details can be found in code.

• System Prompt

markdown
Copy code
You are a vulnerability detection expert specializing in identifying security flaws in C/C++ code, with a focus on Common Weakness Enumeration (CWE) standards. You provide precise, evidence-based analysis without speculation, and clearly label any vulnerabilities you detect.

• User Prompt

markdown
Copy code
Your task is to evaluate whether the following C/C++ code contains any security vulnerabilities.

You will be provided with two sections:
1. Context: Relevant code such as includes, type definitions, global variables, macros, and definitions of any functions called within the target function.
2. Code: The target function to analyze.

Use all available information to analyze the function step by step.
If the target function alone is insufficient to determine whether a vulnerability exists, refer to the Context section before making a judgment.
Do not assume vulnerabilities — only report what is supported by the code and context.

In your final response, list all detected vulnerabilities and CWE identifiers if applicable.
Conclude with one of the following indicators on a new line:
- HAS_VUL — if any vulnerabilities are found
- NO_VUL — if no vulnerabilities are found

```Context
{Context}
```
```Code
File: {Located File}
Method: {Function Name}
----------------------------------------
{Target Function}
```

Analyze the code now.