This paper, presented by Jinghua Liu and colleagues, introduces GPTAid, a new framework for generating API Parameter Security Rules (APSRs) to detect API misuse. APSRs are crucial for safe API usage, and their violations can lead to severe security issues like null pointer dereference. Manually creating these rules is labor-intensive, and existing automated methods often miss important rules. The authors leverage Large Language Models (LLMs) for their code analysis and text generation capabilities to overcome these limitations. Direct LLM use, however, can result in incorrect or overly general APSRs, hindering effective detection. GPTAid addresses this by first using an LLM to generate raw APSRs and correct API calling code. It then generates violation code for each raw APSR by modifying the correct calling code. An execution feedback-checking approach dynamically executes this violation code, filtering out incorrect APSRs based on observed runtime errors. To make the APSRs more precise, GPTAid employs a code differential analysis. This analysis identifies key operations in the violation code to generate concrete APSRs. These concrete APSRs can be precisely translated into effective detection code. GPTAid demonstrates high precision (92.3%) and generates significantly more APSRs than state-of-the-art detectors. It also discovered 210 potential security bugs in real-world applications, with 150 confirmed by developers. The research was presented at the Network and Distributed System Security (NDSS) Symposium.