TitanCA: Lessons from Orchestrating LLM Agents to Discover 100+ CVEs
Ting Zhang, Yikun Li, Chengran Yang, Ratnadira Widyasari, Yue Liu + 13 more
TLDR
TitanCA orchestrates LLM agents into a pipeline that has discovered 203 confirmed zero-day vulnerabilities in open-source software and yielded 118 CVEs, significantly improving software security.
Key contributions
- Orchestrates multiple LLM agents into a unified vulnerability discovery pipeline.
- Discovered 203 confirmed zero-day vulnerabilities and 118 CVEs in open-source software.
- Utilizes a four-module architecture: matching, filtering, inspection, and adaptation.
- Shares practical lessons from building and deploying LLM-based vulnerability discovery solutions.
Why it matters
This paper is significant because it demonstrates a practical and highly effective LLM-powered approach to finding critical software vulnerabilities, outperforming traditional SAST tools. Its success in discovering numerous zero-day vulnerabilities and CVEs highlights the potential of agent-based AI for enhancing cybersecurity defenses.
Original Abstract
Software vulnerabilities remain one of the most persistent threats to modern digital infrastructure. While static application security testing (SAST) tools have long served as the first line of defense, they suffer from high false-positive rates. This article presents TitanCA, a collaborative project between Singapore Management University and GovTech Singapore that orchestrates multiple large language model (LLM)-powered agents into a unified vulnerability discovery pipeline. Applied in open-source software, TitanCA has discovered 203 confirmed zero-day vulnerabilities and yielded 118 CVEs. We describe the four-module architecture, i.e., matching, filtering, inspection, and adaptation, and share key lessons from building and deploying an LLM-based vulnerability discovery solution in practice.