Over the past few days, I’ve been continuing my work on using LLMs to analyze the root causes of attack transactions. Right now, the system can break down root causes in great detail, and compared with reports from other security companies, the results line up perfectly. It turns out this still takes a lot of work, plus tons of prompt and agent tuning — it’s definitely not an easy job. But current results are trustworthy, accurate, and precise. There’s still plenty of testing to do, but this already shows that in the future, manual root cause analysis might become a thing of the past. (Honestly, it’s a lot easier than AI auditing.) What’s even more exciting is that LLMs can actually understand opcodes and disassembly code — things humans often struggle to read quickly. That makes them super helpful for digging deep into root causes.