This work addresses the limitations of large language models (LLMs) in analyzing real-world codebases, where constrained context windows and inadequate modeling of cross-function or cross-file data flows hinder the generation of complex static analysis queries and lead to missed deep vulnerabilities. To overcome these challenges, the authors propose CodeBadger—the first open-source framework built on the MCP protocol—that tightly integrates the Joern code property graph (CPG) engine with LLMs. By leveraging high-level program analysis tools such as program slicing, taint tracking, and data flow analysis, CodeBadger enables semantic, targeted exploration without requiring manual query writing. This approach breaks through the bottlenecks of LLMs in program structure comprehension and context scalability, successfully uncovering a previously unknown buffer overflow vulnerability in libtiff within an 8,000-method codebase and correctly patching an integer overflow flaw in libxml2 (CVE-2025-6021) on the first attempt.

Large Language Models (LLMs) face critical challenges when analyzing security vulnerabilities in real world codebases: token limits prevent loading entire repositories, code embeddings fail to capture inter procedural data flows, and LLMs struggle to generate complex static analysis queries. These limitations force existing approaches to operate on isolated code snippets, missing vulnerabilities that span multiple functions and files. We introduce codebadger, an open source Model Context Protocol (MCP) server that integrates Joern's Code Property Graph (CPG) engine with LLMs. Rather than requiring LLMs to generate complex CPG queries, codebadger provides high level tools for program slicing, taint tracking, data flow analysis, and semantic code navigation, enabling targeted exploration of large codebases without exhaustive file reading. We demonstrate its effectiveness through three use cases: (1) navigating an 8,000 method codebase to audit memory safety patterns, (2) discovering and exploiting a previously unreported buffer overflow in libtiff, and (3) generating a correct patch for an integer overflow vulnerability (CVE-2025-6021) in libxml2 on the first attempt. codebadger enables LLMs to reason about code semantically across entire repositories, supporting vulnerability discovery, patching, and program comprehension at scale.