Multi-Agent LLM System for Automated Vulnerability Discovery and Reproduction

Computer Science > Cryptography and Security arXiv:2605.21779 (cs) [Submitted on 20 May 2026] Title:FuzzingBrain V2: A Multi-Agent LLM System for Automated Vulnerability Discovery and Reproduction Authors:Ze Sheng, Zhicheng Chen, Qingxiao Xu, Kewen Zhu, Jeff Huang View a PDF of the paper titled FuzzingBrain V2: A Multi-Agent LLM System for Automated Vulnerability Discovery and Reproduction, by Ze Sheng and 4 other authors View PDF HTML (experimental)

Abstract:Software vulnerabilities pose critical security threats, with nearly 50,000 CVEs reported in 2025. While Large Language Models (LLMs) show promise for automated vulnerability detection, three key challenges remain. First, LLM-generated vulnerability reports suffer from high false positive rates and lack
reproducible verification. Second, existing LLM-based approaches use suboptimal granularities for vulnerability localization: function-level analysis overlooks bugs when context becomes extensive, while line-level analysis lacks sufficient context. Third, existing approaches have difficulty reasoning about
vulnerabilities with complex cross-function dependencies and triggering conditions.
We present FuzzingBrain V2, a multi-agent system that addresses these gaps through four key contributions: (1) fully automated vulnerability analysis built on Google's OSS-Fuzz, ensuring all reported vulnerabilities are fuzzer-reproducible; (2) Suspicious Point, a novel control-flow-based abstraction for precise
vulnerability localization at the optimal granularity; (3) logic-driven hierarchical function analysis with dual-layer fuzzing enhancing function coverage under resource constraints; (4) MCP-based static and dynamic analysis tools with context engineering enhancing complex vulnerability reasoning.
On the AIxCC 2025 Final Competition C/C++ dataset, FuzzingBrain V2 achieved 90% detection rate (36 of 40 vulnerabilities). In real-world deployment, FuzzingBrain V2 discovered 29 zero-day vulnerabilities across 12 open-source projects, all confirmed and fixed by maintainers, with 2 assigned CVE IDs.

Subjects:	Cryptography and Security (cs.CR); Software Engineering (cs.SE)
Cite as:	arXiv:2605.21779 [cs.CR]
	(or arXiv:2605.21779v1 [cs.CR] for this version)
	https://doi.org/10.48550/arXiv.2605.21779 Focus to learn more arXiv-issued DOI via DataCite (pending registration)

Submission history

From: Ze Sheng [view email]
[v1] Wed, 20 May 2026 22:17:14 UTC (1,827 KB)
Full-text links:

Access Paper:

View a PDF of the paper titled FuzzingBrain V2: A Multi-Agent LLM System for Automated Vulnerability Discovery and Reproduction, by Ze Sheng and 4 other authors
• View PDF
• HTML (experimental)
• TeX Source

view license

Current browse context:

cs.CR < prev   |   next >
new | recent | 2026-05 Change to browse by: cs
cs.SE

References & Citations

• NASA ADS
• Google Scholar
• Semantic Scholar

export BibTeX citation Loading...

BibTeX formatted citation

× loading... Data provided by:

Bookmark

Bibliographic Tools Bibliographic and Citation Tools Bibliographic Explorer Toggle Bibliographic Explorer (What is the Explorer?) Connected Papers Toggle Connected Papers (What is Connected Papers?) Litmaps Toggle Litmaps (What is Litmaps?) scite.ai Toggle scite Smart Citations (What are Smart Citations?) Code, Data, Media Code, Data and Media Associated with this Article alphaXiv Toggle alphaXiv (What is alphaXiv?) Links to Code Toggle CatalyzeX Code Finder for Papers (What is CatalyzeX?) DagsHub Toggle DagsHub (What is DagsHub?) GotitPub Toggle Gotit.pub (What is GotitPub?) Huggingface Toggle Hugging Face (What is Huggingface?) ScienceCast Toggle ScienceCast (What is ScienceCast?) Demos Demos Replicate Toggle Replicate (What is Replicate?) Spaces Toggle Hugging Face Spaces (What is Spaces?) Spaces Toggle TXYZ.AI (What is TXYZ.AI?) Related Papers Recommenders and Search Tools Link to Influence Flower Influence Flower (What are Influence Flowers?) Core recommender toggle CORE Recommender (What is CORE?)

• Author
• Venue
• Institution
• Topic

About arXivLabs arXivLabs: experimental projects with community collaborators

arXivLabs is a framework that allows collaborators to develop and share new arXiv features directly on our website.

Both individuals and organizations that work with arXivLabs have embraced and accepted our values of openness, community, excellence, and user data privacy. arXiv is committed to these values and only works with partners that adhere to them.

Have an idea for a project that will add value for arXiv's community? Learn more about arXivLabs.

Which authors of this paper are endorsers? | Disable MathJax (What is MathJax?)