We propose an automated vulnerability detection system that synergizes static analysis and fuzzing target identification through LLMs and AI agents. Building on the Dante system, our solution integrates various reasoning models and leverages a dynamic dataset from student code contributions. The system employs reinforcement learning, prompt crafting, and test-time computing techniques to refine the detection of critical vulnerabilities in C codebases. A multi-step automated workflow performs detailed static code analysis, extracts fuzzing targets, and iteratively compiles and tests code snippets. Log outputs are summarized using reasoning models, highlighting only the most relevant errors.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

System for Automatic Bug Detection in Code and Programs Using LLMs and AI Agents

  • Paweł Kapusta,
  • Piotr Duch,
  • Michał Majchrowicz,
  • Adrian Królik

摘要

We propose an automated vulnerability detection system that synergizes static analysis and fuzzing target identification through LLMs and AI agents. Building on the Dante system, our solution integrates various reasoning models and leverages a dynamic dataset from student code contributions. The system employs reinforcement learning, prompt crafting, and test-time computing techniques to refine the detection of critical vulnerabilities in C codebases. A multi-step automated workflow performs detailed static code analysis, extracts fuzzing targets, and iteratively compiles and tests code snippets. Log outputs are summarized using reasoning models, highlighting only the most relevant errors.