PyData Prague #35 - Probably unreliable vulnerabilities

Hello Python extractors and vulnerable agents,

The 35th PyData meetup will take place at Aisle offices (Palác Zlatý kříž, 2nd floor). As usual, the talks will start at 18:30 but we encourage you to come as soon as 18:00 to enjoy the opportunity to socialize and refresh yourselves (which you can continue doing during the break and after the talks).

Our main goal is to build the community around Python and data and make it welcoming to people of various skills and experience levels.

⚡ If you are interested in giving a lightning talk (up to 5 minutes to present an idea, tool or results related at least to some degree to Python and/or data), please contact us before the event or at its beginning.

What a Single-File LLM Security Analyzer Taught Us?
(Stanislav Fort, Aisle)

High-quality AI security research can uncover real vulnerabilities in critical infrastructure. AISLE is one example of this higher-signal approach, with validated findings in projects like OpenSSL and curl. At the same time, low-quality AI-generated reports are flooding open-source maintainers with false positives.

How hard is it to find a security bug? We will explore that question through nano-analyzer, a deliberately simple open-source security scanner. For many vulnerability classes, the surprising core is not a complex platform, but a well-aimed LLM call wrapped in the right workflow.

This simplicity has limits. The approach may miss obvious issues, hallucinate risky findings, or produce inconsistent results across runs. That is why validation, triage, benchmarking, and human judgment matter, and why the real challenge is building reliable processes around unreliable primitives.

Getting reliable text when PDFs lie and OCR fails
(Marcela Brichtová Piptová, Rossum)

LLMs need text as an input. So before a model can reason about a document, we hav