QRS: A Rule-Synthesizing Neuro-Symbolic Triad for Autonomous Vulnerability Discovery
Summary
QRS (Query, Review, Sanitize) is a neuro-symbolic framework that uses three autonomous agents with Large Language Models to generate CodeQL queries, validate findings through semantic reasoning, and perform automated exploit synthesis for vulnerability discovery. Unlike traditional SAST tools that rely on expert-crafted queries and predefined patterns, QRS autonomously discovers vulnerability classes beyond known patterns while reducing false positives. In testing on PyPI packages, QRS achieved 90.6% detection accuracy on 20 historical CVEs and identified 39 medium-to-high-severity vulnerabilities in the top 100 most-downloaded packages, 5 of which were assigned new CVEs.
Original source: https://arxiv.org/abs/2602.09774v1
First tracked: February 11, 2026 at 06:00 PM