This invention is a policy-grounded framework that produces executable, downstream-aware authorization tests that can detect drift across microservice chains more reliably than existing automated test generators.

Background:
Modern software has largely transitioned from monolithic designs to microservice architectures, in which an application is made up of dozens of modular services that communicate via APIs. The resulting traffic is very difficult to secure because each service must independently verify user permissions. Traditional security tools are ineffective because they do not have enough context to understand which user owns which data. Detecting these logic flaws has required slow, expensive manual testing by human experts who can reason through the application's intended behavior. This creates a bottleneck in the development lifecycle, as automated tools cannot read the application's intent well enough to generate meaningful authorization tests.

This technology addresses these gaps by using Large Language Models (LLMs) to autonomously read API documentation and infer the business rules, allowing the system to execute authorization tests.

Applications:
Advantages: