Harnessing AI for Smarter Cybersecurity: How SMU Research Is Transforming Vulnerability Detection


As organisations accelerate digital transformation, cybersecurity has become a defining challenge of the modern enterprise. At Singapore Management University (SMU), Associate Professor Shar Lwin Khin, Director of the MITB Cybersecurity track, is advancing research that enhances how vulnerabilities are identified and resolved.

His work harnesses the power of artificial intelligence (AI) and large language models (LLMs) to streamline security analysis—enabling faster, more accurate detection of threats and giving cybersecurity professionals stronger, more adaptive tools to safeguard digital systems.

A smarter way to link code vulnerabilities to their fixes

One focus of Assoc Prof Shar’s research is issue-commit linking—the process of connecting reported problems to the actual code changes (or commits) that fix them. This practice is critical for traceability, security audits, and compliance, but many projects fail to maintain accurate links due to time and resource constraints.

To improve on existing issue-commit linking methods, his research team developed EasyLink, a solution that integrates a vector database with an LLM to identify strong matches to a reported issue. During testing, EasyLink achieved a Precision@1 of 75%, meaning that 75% of the time the first result in the ranked list of commits was relevant to the issue. This outperformed the current ‘gold standard’ method, which uses more complex deep learning models, by a factor of more than four.

“This shows that newer methods aren’t always better. Sometimes progress means going back to the basics, then combining established methods with the reasoning power of LLMs. It’s about solving the problem based on how practitioners face it,” notes Assoc Prof Shar.

Identifying vulnerable software versions with LLMs

Another major challenge in cybersecurity is determining which versions of software are affected when a vulnerability is disclosed. Public platforms such as the National Vulnerability Database (NVD) often provide incomplete information, leaving organisations unsure whether their systems are truly at risk.

To address this, Assoc Prof Shar’s team created VERCATION, a tool that combines static analysis with LLM reasoning to identify exactly which versions of open-source software (OSS) carry a given vulnerability. Unlike previous tools that examined only surface-level code similarities, VERCATION analyses code semantics using graph-based representations and LLM reasoning.

In evaluations across 122 vulnerabilities and more than a thousand OSS versions, VERCATION achieved an F1 score (a combined measure of precision and recall) of 93.1%, significantly outperforming current leading methods. More importantly, it uncovered 202 errors in NVD records, indicating cases where organisations either patched non-vulnerable systems or overlooked genuine threats.

“The cost of wrong information can be huge,” Assoc Prof Shar explains. “If you patch unnecessarily, you risk breaking dependencies and disrupting operations. If you miss a vulnerable version, you risk a breach. Our work helps IT professionals make better decisions with greater confidence.”

Bridging research and practice through the MITB programme

Both EasyLink and VERCATION show how LLMs can automate cybersecurity tasks—and exemplify the mindset that will shape future leaders in this field. These research insights feed directly into the newly launched Cybersecurity track in the SMU Master of IT in Business (MITB) programme, preparing professionals to address evolving threats while aligning security with organisational goals.

Students in this specialised track will gain both technical skills and strategic insight in secure software development, AI-enhanced security analysis, governance and compliance. This positions graduates to thrive in roles ranging from vulnerability management specialists to chief information security officers (CISOs).

“Cybersecurity today is more than finding and fixing flaws,” says Assoc Prof Shar. “Professionals who can combine core security expertise with AI fluency and business alignment will be the ones in the driver’s seat.”

Become a practice-oriented leader in cybersecurity

Assoc Prof Shar’s studies show that LLMs are not replacing cybersecurity professionals. Rather, LLMs will optimise their workflow, giving them sharper tools to trace vulnerabilities, assess risks, and act decisively.

The SMU MITB Cybersecurity track builds on this principle, empowering professionals to lead securely in an increasingly interconnected digital world.

Lead securely in an AI-powered world. Through the Master of IT in Business (MITB) Cybersecurity track at SMU, you will gain the technical expertise, strategic perspective, and AI-driven insight needed to anticipate and mitigate evolving threats. Join a new generation of cybersecurity leaders shaping safer, smarter digital futures.
