Llama 3 multi-agent SAST seeks resources

This is less a product announcement than a technically ambitious research scoping question, and that matters: the hard part is not “adding agents,” it is proving they improve security outcomes over simpler baselines.

• –Llama is a reasonable open-weight choice if the PhD needs local control, reproducibility, and lower deployment friction than closed APIs
• –Semgrep already covers the deterministic SAST layer, so the research value is in orchestration, context selection, and evaluation quality
• –A 10-agent breakdown risks premature complexity; a smaller baseline with clear ablations will be easier to defend in a paper
• –The strongest paper framing is likely “multi-agent workflow for security analysis” rather than “multi-agent Llama” itself
• –Benchmarking against single-agent prompting plus vanilla Semgrep should be mandatory, otherwise the agent architecture is just added machinery