The most expensive incidents from 2023 to 2026 have a recurring shape: an auth bypass that lived in the seam between two correctly-implemented layers. Each layer worked as designed. The bug was in the interaction. CVE-2024-21626 in Ivanti Connect Secure, CVE-2024-3400 in Palo Alto GlobalProtect, the MOVEit Transfer SQL-injection-to-auth-bypass chain — all of these were composition failures, not single-component failures. Discovering these requires analysis that reasons across abstraction layers, and it is one of the cleanest places where Griffin AI's deterministic-engine-plus-LLM architecture beats Mythos-class general-purpose AI-for-security approaches.
Why auth bypasses are interaction bugs
Three structural reasons:
- Authentication and authorization are layered. A request typically passes through TLS termination, reverse proxy, CDN, application middleware, framework router, controller authentication check, controller authorization check, and finally business logic. Each layer has its own model of what is authenticated and authorized. Mismatches between layers are bugs.
- Each layer has its own assumptions. A reverse proxy that strips a header for security reasons does not know whether the application uses that header for a different purpose. A controller that trusts a JWT signature does not know that the JWT was issued with the wrong audience claim three layers up.
- The interaction surface is large. Modern web apps have 10–20 layers of request processing. The pairwise interaction surface is in the hundreds. Most are fine. A few are bugs.
Tools that analyse one layer at a time miss the bugs that live in the interaction. Tools that reason across layers find them.
Where pure-LLM tools land
Mythos-class general-purpose models can recognise common auth-bypass patterns from training data — if (user == null) return 401; do_thing(user) is recognised as a check-then-do pattern, and the model can reason about race conditions in it. The pattern recognition works.
The breakdown happens when the bypass crosses framework or library boundaries. A bypass in the interaction between an Express middleware that sets req.user and a Passport.js strategy that sets it differently is a multi-file, multi-package reasoning task. The model may see one file at a time but does not reliably reconstruct the cross-package interaction.
The result is over-reporting on the recognised single-file patterns and under-reporting on the cross-layer composition bugs that disproportionately matter in production.
How Griffin AI handles it
Three deterministic steps before the LLM step:
Layer identification. The engine identifies the auth-relevant layers in the codebase: middleware chains, framework decorators, route guards, manual checks. Each layer is annotated with the auth state it sets, reads, or modifies.
Cross-layer state tracking. For each request flow, the engine tracks how the auth state evolves: what is set, what is read, what is required, what bypasses what. Inconsistencies are surfaced.
Interaction analysis. Pairs of layers that interact in non-obvious ways are flagged: a reverse proxy that strips X-Forwarded-For combined with an application that trusts X-Real-IP, a JWT validator that doesn't check audience combined with a callback that uses the audience to route, etc.
The output of the engine is a structured map of auth interactions; Griffin AI then reasons about which interactions constitute exploitable bypasses.
A concrete example
A Spring Boot application uses Spring Security with method-level @PreAuthorize annotations. A separate WebFilter sets request.setAttribute("authenticatedUser", ...) based on a custom JWT. A controller calls a service method that has @PreAuthorize("isAuthenticated()") and accesses the request via RequestContextHolder.currentRequestAttributes().getAttribute("authenticatedUser").
The bug: @PreAuthorize("isAuthenticated()") checks Spring Security's authentication state, which is independent of the WebFilter's authenticatedUser attribute. A request without a valid JWT but with a valid Spring Security session passes the @PreAuthorize check, then accesses an authenticatedUser attribute that may have been set by an earlier request in a different session.
Griffin AI surfaces this as a finding: "auth state inconsistency between Spring Security context and WebFilter-set attribute; the @PreAuthorize check does not verify the same auth state that the controller reads." A pure-LLM tool recognising the @PreAuthorize pattern but not tracking the cross-layer state often passes this without comment.
Coverage across auth-bypass classes
Path-first auth analysis applies to:
- Authentication bypass through layer mismatches (reverse proxy, application, framework).
- Authorization bypass through inconsistent role checks across layers.
- Session fixation where a session identifier flows from an untrusted layer to a trusted one.
- JWT validation bypasses including audience confusion, algorithm confusion, kid header manipulation.
- OAuth/OIDC misuse including state parameter mishandling, redirect URI confusion, scope escalation.
- Mass assignment where unprotected fields flow into authorization-relevant state.
- Confused deputy where an authenticated component invokes a sensitive operation on behalf of an unauthenticated request.
Each follows the same cross-layer interaction analysis pattern.
What to evaluate
Three concrete checks:
- Show the platform a vulnerable application with an auth bypass that lives in the interaction between two middleware components. Is the cross-layer interaction surfaced?
- Show the platform a JWT audience-confusion vulnerability. Does the finding identify the audience claim mismatch as the root cause, or just flag the JWT validator?
- Walk through how the platform handles framework-specific auth decorators across Spring Security, Express + Passport, Django + DRF, Rails + Devise, and FastAPI dependencies.
The answers separate platforms that reason about auth interactions from platforms that recognise auth patterns.
How Safeguard Helps
Safeguard's engine maintains framework-specific knowledge of auth layers across major frameworks and tracks auth-state evolution across request flows. Cross-layer inconsistencies are surfaced as structured findings before Griffin AI's reasoning step. The customer-facing benefit is that the auth-bypass class — the most expensive incident class in 2023–2026 — is detected before disclosure rather than during incident response. For organisations whose threat model is dominated by interaction bugs, this architectural choice is the difference between "we found it before they did" and "we read about it in the breach announcement."