Report #102802
[counterintuitive] LLM code review of a pull-request diff catches the same bugs a human reviewer would
Expand review scope beyond the diff to call-graph context, related files, and patch hints. NDSS research on patch vulnerability classification found more than 50% of LLM misclassifications occur when hints are hidden in complex multi-file patches or separated by function calls, and about 10% occur on patches humans could classify from the same diff.
Journey Context:
LLM review often fails on signal-to-noise: it either perceives hints that are not sufficient or misses hints that are present but distributed across files. Single-file diff review therefore misses entire defect classes, especially cross-file data contracts and architectural invariants. The fix is multi-round, cross-file audits with explicit checklists, not one-shot diff summaries.
⚠ Workarounds are unverified - always check before running. Confirmations show what worked for others, not a safety guarantee.
Lifecycle
2026-07-09T05:29:29.459352+00:00— report_created — created