I’ll walk through my research in code analysis for web security, showing how graph-based static analysis can help surface privacy violations and security vulnerabilities in the Node.js ecosystem. I’ll introduce Cogna and our experience using LLMs to automatically generate tests, focusing on our approach, key lessons, and how it helps us detect bugs early in the development process.