TelhawkTELHAWK
Compare

Galen vs. Frontier LLM Security Review

Frontier AI can find possible risks. Galen helps prove what is real.

Frontier LLMs such as Claude Mythos, GPT-5.5, Gemini, and other AI security models can review code, explain logic, and identify possible security issues at impressive speed.

That is valuable.

But AI-generated findings still create a major operational problem: every finding has to be proven, prioritized, remediated, validated, and documented.

A strong LLM may describe a possible issue well. It may even suggest a reasonable fix. But LLMs can also produce false positives, duplicate findings, speculative conclusions, and hallucinated issues that are not supported by the actual code path, data flow, permission model, or application behavior.

That means security teams may still need to spend significant time proving what is real before they can safely assign work to developers.

Telhawk's Galen engine is built for that missing proof layer.

Galen is designed to eliminate almost all unsupported false positives by requiring structured evidence before a finding is treated as actionable. Instead of relying on speculation, Galen helps connect each finding to the affected path, sensitive operation, missing control, remediation pattern, and validation status.

LLMs can identify and explain possible risks. Galen helps turn security review into proof-backed findings, remediation direction, validation status, and audit-ready evidence.

The Core Difference

Raw Frontier LLM Review

A frontier LLM can often provide useful security observations.

It may say:

  • This route appears risky.
  • This permission check may be incomplete.
  • This API may expose sensitive data.
  • This AI agent may have excessive tool access.
  • This remediation may need additional validation.

That output can be valuable, but it is usually still advisory.

The model may be right. It may also be incomplete, speculative, duplicated, or unsupported by the actual application path.

The security team still has to answer:

  • Is the finding actually real?
  • Is it a false positive?
  • Is the model hallucinating a risk that the code does not actually support?
  • What exact code path proves it?
  • What data flow makes it dangerous?
  • Which guard or control is missing?
  • Does the issue cross a tenant, user, role, or permission boundary?
  • Is the finding a duplicate?
  • How severe is it in this application?
  • What fix should be made?
  • Did the fix actually remove the vulnerable path?
  • Can the result be exported into a durable report?

Without structured evidence, even a good AI finding can become another item in a large remediation backlog.

Telhawk + Galen

Galen is Telhawk's proprietary proof engine for code, APIs, AI agents, and AI-generated software.

Galen is designed to produce structured security evidence around a finding, including:

  • Affected route, handler, function, API, or agent workflow
  • Entry point and user-controlled input
  • Sensitive object, operation, or tool reached
  • Security-relevant data-flow path
  • Existing guard or control
  • Missing authentication, authorization, validation, ownership, tenant, role, or approval control
  • Why the existing control is insufficient
  • Exploit condition
  • Business and security impact
  • Remediation pattern
  • Sample correction approach, where appropriate
  • Suggested validation test
  • Validation status after correction
  • Residual risk or follow-up notes
  • Exportable finding history and reporting

The difference is not that Galen simply "finds more."

The difference is that Galen helps separate real, evidence-backed security issues from unsupported AI noise.

Side-by-Side Comparison

Raw Frontier LLM Review

Can identify possible vulnerabilities

Telhawk + Galen

Produces proof-backed findings tied to affected paths

Raw Frontier LLM Review

May hallucinate issues or infer risks not supported by the code

Telhawk + Galen

Requires structured evidence before a finding is treated as actionable

Raw Frontier LLM Review

May produce false positives

Telhawk + Galen

Designed to eliminate almost all unsupported false positives through evidence-based review

Raw Frontier LLM Review

Can explain why something may be risky

Telhawk + Galen

Shows the route, handler, data flow, missing control, and exploit condition

Raw Frontier LLM Review

May provide useful remediation suggestions

Telhawk + Galen

Connects remediation guidance to the proven vulnerable path

Raw Frontier LLM Review

May miss relationships across routes, middleware, roles, permissions, APIs, and data flows

Telhawk + Galen

Analyzes security-relevant relationships across the application path

Raw Frontier LLM Review

May flag issues that require manual verification

Telhawk + Galen

Helps provide evidence that supports verification

Raw Frontier LLM Review

May produce duplicate or overlapping findings

Telhawk + Galen

Helps structure and consolidate findings around the real vulnerable path

Raw Frontier LLM Review

May suggest a fix without confirming it worked

Telhawk + Galen

Supports validation after corrected code or configuration is submitted

Raw Frontier LLM Review

May create a large triage workload

Telhawk + Galen

Helps prioritize issues based on evidence and impact

Raw Frontier LLM Review

May lack durable audit history

Telhawk + Galen

Preserves exportable reporting, finding history, remediation record, and validation status

Raw Frontier LLM Review

Works best when given high-quality context

Telhawk + Galen

Galen helps create the structured context AI needs to reason better

Why This Matters

Security teams do not just need more findings. They need answers they can act on.

What is the risk?

Identify the actual security issue, not just a possible concern.

Where is the proof?

Show the affected path, data flow, missing control, and evidence.

Is this real or unsupported noise?

Separate proof-backed findings from false positives, speculation, and hallucinated issues.

Why does it matter?

Connect the finding to business, customer, data, tenant, API, or agent impact.

What should be fixed?

Provide remediation direction and a clear correction pattern.

Did the correction work?

Validate whether the original vulnerable path was removed.

Can the result be documented?

Preserve finding history, remediation status, validation status, and exportable reporting.

Raw LLM review can help with parts of this process. Galen is designed to support the full workflow from finding to proof, remediation, validation, and reporting.

Example 1: Billing Endpoint Authorization

Realistic Frontier LLM Finding

The billing history endpoint appears to accept a customer_id parameter and use it to retrieve invoice records. If the endpoint only verifies that the requester is authenticated, but does not confirm that the requested customer_id belongs to the authenticated user or tenant, this could allow cross-customer access to billing data. Review the authorization logic and ensure invoice queries are scoped to the authenticated tenant or account.

This is a useful AI-generated finding. It gives the team a plausible issue and a reasonable remediation direction.

But it still leaves important work unresolved:

  • Is the issue real or speculative?
  • Which exact route is affected?
  • Where does customer_id enter the system?
  • Which handler, function, or query uses it?
  • Which sensitive object is reached?
  • Which ownership or tenant guard is missing?
  • Why is the existing authentication check insufficient?
  • What is the exploit condition?
  • Is the issue actually reachable?
  • What correction pattern should the developer use?
  • Does the corrected query fix the vulnerable path?
  • How should this be documented for a customer, auditor, or security team?
Telhawk + Galen Evidence Package
Finding: Cross-customer invoice access
Severity: Critical
Evidence status: proof-backed finding
False-positive control: finding is supported by a traced path from request input to sensitive billing data without a tenant ownership guard
Affected route: GET /api/customers/{customer_id}/billing-history
Entry point: authenticated customer billing-history request
User-controlled input: customer_id from request path
Data-flow path: request path parameter → billing-history handler → invoice lookup query → billing-history response
Sensitive object reached: invoice and billing-history records
Sensitive operation: invoice lookup and billing-history return
Existing control: endpoint verifies that the requester is logged in
Missing control: endpoint does not verify that customer_id belongs to the authenticated user's tenant or account before the invoice query executes
Why existing control is insufficient: authentication confirms who the requester is, but does not confirm that the requester owns or is authorized to access the requested customer record
Exploit condition: authenticated User A can submit or modify a customer_id value associated with User B or another tenant
Evidence summary: customer_id flows from the request path into the invoice lookup without a tenant-scoped ownership check before billing records are returned
Impact: an authenticated user may be able to retrieve another customer's billing history by changing the customer_id value
Recommended correction: require tenant or ownership validation before invoice lookup; scope the invoice query to the authenticated tenant or customer context
Sample remediation pattern: query invoices using both the requested customer identifier and the authenticated tenant or customer context, rather than trusting the request parameter alone
where: { customerId: requestedCustomerId, tenantId: authenticatedUser.tenantId }
Suggested validation: test User A requesting User B's customer_id; the request should be denied, return no records, or return only records within User A's authorized tenant context
Pre-fix validation status: vulnerable path reaches billing records outside authorized tenant context
Post-fix validation status: fixed after corrected tenant-scoped query was submitted; the original vulnerable path no longer reaches invoice records outside the authenticated tenant
Residual risk: confirm all related billing-history, invoice-export, and payment-history endpoints apply the same tenant-scoping rule
Report status: ready for export with finding history, remediation record, and validation result

Important note: Sample remediation patterns are illustrative. Final remediation depends on the customer's framework, ORM, authorization model, application architecture, and security policy.

The LLM finding is helpful. The Galen evidence package is operational.

It gives the security team, developer, manager, customer, and auditor a clearer path from discovery to validated correction.

Example 2: AI Agent Tool Permissions

Realistic Frontier LLM Finding

The customer-support agent appears to have access to billing records, refund tools, CRM updates, and outbound email. This creates a potential excessive-permission risk, especially if the agent can act on retrieved support-ticket content. Consider limiting tool access, adding approval gates for sensitive actions, and improving logging around high-impact tool calls.

This is also useful. A strong LLM can identify the general risk and suggest sensible controls.

But the finding still needs proof and workflow detail:

  • Is the finding real or just a broad concern?
  • Which tools can the agent call?
  • Which data can it access?
  • Which actions require approval?
  • Which sensitive actions do not require approval?
  • Can untrusted retrieved content influence tool use?
  • Which logs are missing?
  • Which policy or permission change is required?
  • What validation test should be run?
  • Did the corrected agent workflow fix the issue?
  • What residual risk remains?
Telhawk + Galen Evidence Package
Finding: AI support agent has excessive billing and refund permissions
Severity: High
Evidence status: proof-backed finding requiring corrected workflow validation
False-positive control: finding is supported by observed tool access, reachable billing data, refund action capability, and missing approval boundary
Affected workflow: customer-support agent refund and account-support flow
Agent role: customer support automation
Sensitive tools available: billing-record lookup, refund execution, CRM update, outbound email
Sensitive data reachable: customer account records, billing history, refund history, support-ticket text, CRM notes
Tool-use path: support-ticket retrieval → account lookup → billing-record access → refund execution path → outbound email capability
Existing control: agent actions are logged at a general workflow level
Missing approval control: refund execution does not require human approval above the configured risk threshold
Permission issue: billing lookup is not limited to the active customer context
Prompt-injection exposure: retrieved support-ticket content may influence downstream tool use without sufficient separation from system instructions and trusted tool commands
Logging gap: sensitive tool calls are not fully recorded with approval state, actor context, customer context, and tool-call result
Exploit condition: untrusted ticket content or an over-permissioned workflow may cause the agent to retrieve billing records, initiate refund-related actions, or send sensitive information externally without sufficient approval or context restriction
Evidence summary: the agent can access billing information and refund-related tools in the same support workflow without a complete approval gate, customer-context restriction, or sufficiently detailed audit trail
Impact: the agent may expose billing information, execute improper refunds, or send sensitive account details externally if tool use is influenced by untrusted support-ticket content
Recommended correction: restrict billing access to active customer context, require human approval for refunds above threshold, separate untrusted retrieved content from system instructions, and log all sensitive tool calls with approval state and actor context
Sample remediation pattern: define a policy boundary that separates read-only customer-support lookup tools from high-impact billing and refund tools, then require explicit approval before the agent can execute refund or account-change actions

refund.execute requires humanApproval == true when refundAmount > configuredThreshold

billing.lookup requires customerId == activeSupportCase.customerId

Suggested validation: replay the support workflow with restricted customer context, refund threshold testing, prompt-injection test cases, and audit-log verification
Pre-fix validation status: agent workflow permits sensitive billing lookup and refund-related action path without sufficient approval and context restriction
Post-fix validation status: pending corrected workflow review
Residual risk: confirm outbound email, CRM update, account-status change, and refund execution tools use consistent approval and logging requirements
Report status: open finding with remediation plan and validation requirements documented

Important note: Sample remediation patterns are illustrative. Final controls depend on the customer's agent architecture, tool permissions, approval workflow, logging design, and operating policy.

This turns a broad AI-agent concern into a structured remediation and validation plan.

Where Galen Is Stronger Than Raw LLM Review

1. Proof

Raw LLM review may describe a likely issue.

Galen helps show the evidence behind it.

2. False-positive reduction

Raw LLM review can produce false positives and hallucinated findings.

Galen is designed to eliminate almost all unsupported false positives by requiring evidence before a finding is treated as actionable.

3. Path clarity

Raw LLM review may identify a suspicious file or function.

Galen helps connect the affected route, handler, data flow, guard, and sensitive operation.

4. Missing-control analysis

Raw LLM review may say 'check authorization.'

Galen helps identify the specific missing ownership, tenant, role, permission, validation, or approval control.

5. Exploit condition

Raw LLM review may describe theoretical risk.

Galen helps identify the condition under which the issue becomes reachable or exploitable.

6. Remediation pattern

Raw LLM review may suggest a general fix.

Galen helps connect a remediation pattern to the proven vulnerable path.

7. Validation

Raw LLM review may suggest that a fix looks correct.

Galen helps validate whether the original vulnerable path remains after correction.

8. Audit-ready history

Raw LLM review may produce a temporary chat response.

Galen helps preserve finding history, remediation status, validation status, and exportable reporting.

The Bottom Line

Frontier LLMs are powerful. They can identify and explain many possible security issues.

But possible findings are not the finish line.

Security teams need proof, false-positive reduction, prioritization, remediation direction, validation status, and reporting.

Raw AI can say: "This appears risky."

Telhawk + Galen helps show: "Here is the risk, here is the evidence, here is the missing control, here is the recommended correction, and here is whether the fix worked."

Talk to an Expert