Table of Contents
Fetching ...

Multi-Agent End-to-End Vulnerability Management for Mitigating Recurring Vulnerabilities

Zelong Zheng, Jiayuan Zhou, Xing Hu, Yi Gao, Shengyi Pan

TL;DR

MAVM presents a novel end-to-end framework for recurring vulnerability management that orchestrates multiple LLM-based agents around a Vulnerability Knowledge Base to detect, confirm, repair, and validate recurring vulnerabilities. By leveraging VKB-derived root-cause and trigger-chain insights and repository-context tools, MAVM addresses limitations of context insufficiency and underutilized historical knowledge in prior approaches. In experiments on a dataset of 78 patch migrations (114 function-level pairs) from 13 repositories, MAVM achieves superior repair accuracy (57.3%) and higher detection precision (76.4%) compared with strong baselines, demonstrating effective end-to-end vulnerability management. The work highlights the importance of knowledge grounding and context-aware automation for practical security auditing and suggests extending the approach to CVE-level analysis and more programming languages in future work.

Abstract

Software vulnerability management has become increasingly critical as modern systems scale in size and complexity. However, existing automated approaches remain insufficient. Traditional static analysis methods struggle to precisely capture contextual dependencies, especially when vulnerabilities span multiple functions or modules. Large language models (LLMs) often lack the ability to retrieve and exploit sufficient contextual information, resulting in incomplete reasoning and unreliable outcomes. Meanwhile, recurring vulnerabilities emerge repeatedly due to code reuse and shared logic, making historical vulnerability knowledge an indispensable foundation for effective vulnerability detection and repair. Nevertheless, prior approaches such as clone-based detection and patch porting, have not fully leveraged this knowledge. To address these challenges, we present MAVM, a multi-agent framework for end-to-end recurring vulnerability management. MAVM integrates five components, including a vulnerability knowledge base, detection, confirmation, repair, and validation, into a unified multi-agent pipeline. We construct a knowledge base from publicly disclosed vulnerabilities, thereby addressing the underuse of historical knowledge in prior work and mitigating the lack of domain-specific expertise in LLMs. Furthermore, we design context-retrieval tools that allow agents to extract and reason over repository-level information, overcoming the contextual limitations of previous methods. Based on agents, MAVM effectively simulates real-world security workflows. To evaluate the performance of MAVM, we construct a dataset containing 78 real-world patch-porting cases (covering 114 function-level migrations). On this dataset, MAVM successfully detects and repairs 51 real vulnerabilities, outperforming baselines by 31.9%-45.2% in repair accuracy, which demonstrates its effectiveness.

Multi-Agent End-to-End Vulnerability Management for Mitigating Recurring Vulnerabilities

TL;DR

MAVM presents a novel end-to-end framework for recurring vulnerability management that orchestrates multiple LLM-based agents around a Vulnerability Knowledge Base to detect, confirm, repair, and validate recurring vulnerabilities. By leveraging VKB-derived root-cause and trigger-chain insights and repository-context tools, MAVM addresses limitations of context insufficiency and underutilized historical knowledge in prior approaches. In experiments on a dataset of 78 patch migrations (114 function-level pairs) from 13 repositories, MAVM achieves superior repair accuracy (57.3%) and higher detection precision (76.4%) compared with strong baselines, demonstrating effective end-to-end vulnerability management. The work highlights the importance of knowledge grounding and context-aware automation for practical security auditing and suggests extending the approach to CVE-level analysis and more programming languages in future work.

Abstract

Software vulnerability management has become increasingly critical as modern systems scale in size and complexity. However, existing automated approaches remain insufficient. Traditional static analysis methods struggle to precisely capture contextual dependencies, especially when vulnerabilities span multiple functions or modules. Large language models (LLMs) often lack the ability to retrieve and exploit sufficient contextual information, resulting in incomplete reasoning and unreliable outcomes. Meanwhile, recurring vulnerabilities emerge repeatedly due to code reuse and shared logic, making historical vulnerability knowledge an indispensable foundation for effective vulnerability detection and repair. Nevertheless, prior approaches such as clone-based detection and patch porting, have not fully leveraged this knowledge. To address these challenges, we present MAVM, a multi-agent framework for end-to-end recurring vulnerability management. MAVM integrates five components, including a vulnerability knowledge base, detection, confirmation, repair, and validation, into a unified multi-agent pipeline. We construct a knowledge base from publicly disclosed vulnerabilities, thereby addressing the underuse of historical knowledge in prior work and mitigating the lack of domain-specific expertise in LLMs. Furthermore, we design context-retrieval tools that allow agents to extract and reason over repository-level information, overcoming the contextual limitations of previous methods. Based on agents, MAVM effectively simulates real-world security workflows. To evaluate the performance of MAVM, we construct a dataset containing 78 real-world patch-porting cases (covering 114 function-level migrations). On this dataset, MAVM successfully detects and repairs 51 real vulnerabilities, outperforming baselines by 31.9%-45.2% in repair accuracy, which demonstrates its effectiveness.
Paper Structure (27 sections, 6 figures, 4 tables)

This paper contains 27 sections, 6 figures, 4 tables.

Figures (6)

  • Figure 1: The background and basic process of recurring vulnerability management.
  • Figure 2: Overview of our approach.
  • Figure 3: Vulnerability knowledge base construction.
  • Figure 4: The analysis report template designed for VKB, the report and analysis points generated for CVE-2022-2042 by GPT-4o.
  • Figure 5: Using the vulnerability confirmation component to resolve a false positive in a function similar to CVE-2019-19947.
  • ...and 1 more figures