Open-source software security vulnerabilities lead to severe impacts, e.g., stolen personal data, financial losses, and disrupted services. Due to the significant growth of vulnerabilities in recent years, it has become increasingly challenging for developers to efficiently manage security vulnerabilities, leading to supply-chain delays and prolonged security risks. While artificial intelligence tools are increasingly adopted in software development, it remains unclear whether they can reliably assist vulnerability management. This project builds tools that leverage AI to assist vulnerability management in open-source software and continuously monitors the security behaviors of AI agents in software development. The project's novelties are the combination of AI with program analysis on vulnerability localization, a new recommender system for prioritizing and discovering vulnerabilities, and novel testing methodologies for auditing the security behaviors of AI agents. The project's broader significance and importance are the strengthening of open-source software supply chain which supports modern software infrastructure, the training of next generation security researchers and software developers, including summer research camps in New Jersey, and the public release of benchmarks and tools that improve security research. The project's objectives are divided into three research thrusts: (1) using program analysis and graph neural networks to enhance patch localization and vulnerable code localization; (2) constructing a novel benchmark and recommender system for vulnerability discovery and prioritization based on a major bug bounty platform; (3) monitoring the security behaviors of AI agents for code review and generation by detecting security failures and inconsistency with user expectation. The project seamlessly integrates various methodologies and disciplines, including program analysis, large language models, natural language processing, software testing, and