English

LLaVul: A Multimodal LLM for Interpretable Vulnerability Reasoning about Source Code

Artificial Intelligence 2025-09-23 v1 Computation and Language

Abstract

Increasing complexity in software systems places a growing demand on reasoning tools that unlock vulnerabilities manifest in source code. Many current approaches focus on vulnerability analysis as a classifying task, oversimplifying the nuanced and context-dependent real-world scenarios. Even though current code large language models (LLMs) excel in code understanding, they often pay little attention to security-specific reasoning. We propose LLaVul, a multimodal LLM tailored to provide fine-grained reasoning about code through question-answering (QA). Our model is trained to integrate paired code and natural queries into a unified space, enhancing reasoning and context-dependent insights about code vulnerability. To evaluate our model performance, we construct a curated dataset of real-world vulnerabilities paired with security-focused questions and answers. Our model outperforms state-of-the-art general-purpose and code LLMs in the QA and detection tasks. We further explain decision-making by conducting qualitative analysis to highlight capabilities and limitations. By integrating code and QA, LLaVul enables more interpretable and security-focused code understanding.

Keywords

Cite

@article{arxiv.2509.17337,
  title  = {LLaVul: A Multimodal LLM for Interpretable Vulnerability Reasoning about Source Code},
  author = {Ala Jararweh and Michael Adams and Avinash Sahu and Abdullah Mueen and Afsah Anwar},
  journal= {arXiv preprint arXiv:2509.17337},
  year   = {2025}
}
R2 v1 2026-07-01T05:48:47.360Z