A Sequential Multi-Stage Approach for Code Vulnerability Detection via Confidence- and Collaboration-based Decision Making (2025.emnlp-main)
Copied to clipboard
| Challenge: | Large language models (LLMs) have shown strong capabilities across diverse domains, but their application to code vulnerability detection raises significant concerns regarding efficiency, scalability and cost. |
| Approach: | They propose a sequential multi-stage approach via confidence- and collaboration-based decision making via a three-stage sequential classification framework with a single agent, retrieval-augmented generation with external examples, and multi-agent reasoning enhanced with RAG. |
| Outcome: | The proposed approach improves code vulnerability detection performance on a benchmark dataset and a low-resource language. |
Similar Papers
Generalization-Enhanced Code Vulnerability Detection via Multi-Task Instruction Fine-Tuning (2024.findings-acl)
Copied to clipboard
| Challenge: | Existing CodePre-trained models struggle to generalize due to superficial mapping from source code to labels instead of understanding the root causes of code vulnerabilities. |
| Approach: | They propose a framework that integrates multi-task learning with Large Language Models to effectively mine deep-seated vulnerability features. |
| Outcome: | The proposed framework surpasses seven state-of-the-art models in effectiveness, generalization, and robustness. |
Boosting Vulnerability Detection of LLMs via Curriculum Preference Optimization with Synthetic Reasoning Data (2025.findings-acl)
Copied to clipboard
| Challenge: | Large language models (LLMs) are capable of detecting software vulnerabilities, but lack of reasoning data hinders their ability to capture underlying vulnerability patterns. |
| Approach: | They propose a framework that excels at mining vulnerability patterns through reasoning data synthesizing and vulnerability-specific preference optimization. |
| Outcome: | The proposed framework improves on SVEN and PrimeVul datasets and improves 12.24%-22.77% accuracy. |
MulVul: Retrieval-augmented Multi-Agent Code Vulnerability Detection via Cross-Model Prompt Evolution (2026.acl-long)
Copied to clipboard
| Challenge: | Large Language Models (LLMs) struggle to automate real-world vulnerability detection due to the heterogeneity of vulnerability patterns and manual prompt engineering for massive weakness categories is unscalable. |
| Approach: | They propose a retrieval-augmented multi-agent framework for precise and broad-coverage vulnerability detection using a coarse-to-fine strategy. |
| Outcome: | The proposed framework outperforms the baseline model on 130 CWE types and achieves 34.79% Macro-F1 performance. |
VulAgent: Hypothesis-Validation Driven Multi-Agent Architecture for Vulnerability Detection (2026.findings-acl)
Copied to clipboard
| Challenge: | Recent reports indicate that software vulnerabilities caused by insecure coding practices remain a major security threat. |
| Approach: | They propose a multi-agent vulnerability detection framework based on hypothesis validation . they use multi-view analyzers to localize and localize security-sensitive operations . |
| Outcome: | The proposed framework reduces false positives and increases accuracy by 6.6 percentage points on PrimeVul and SVEN. |
CLeVeR: Multi-modal Contrastive Learning for Vulnerability Code Representation (2025.findings-acl)
Copied to clipboard
| Challenge: | Existing methods for detecting code capture the overall semantics of the code rather than its intrinsic vulnerability-specific semantics. |
| Approach: | They propose an approach that leverages contrastive learning to generate precise vulnerability code representations under the supervision of vulnerability descriptions. |
| Outcome: | The proposed approach outperforms state-of-the-art methods in vulnerability detection tasks by 11.85% and 13.61%. |
Benchmarking LLMs and LLM-based Agents in Practical Vulnerability Detection for Code Repositories (2025.acl-long)
Copied to clipboard
| Challenge: | Large Language Models (LLMs) have shown promise in software vulnerability detection, especially on function-level benchmarks like Devign and BigVul. |
| Approach: | They propose a JIT vulnerability detection benchmark linking each function to its vulnerability-introducing and fixing commits. |
| Outcome: | The proposed JIT vulnerability detection benchmark enables comprehensive evaluation of detection capabilities. |
Can You Really Trust Code Copilot? Evaluating Large Language Models from a Code Security Perspective (2025.acl-long)
Copied to clipboard
| Challenge: | Existing code security benchmarks focus on one task and paradigm, such as code completion and generation, without comprehensive assessment across dimensions like secure code generation, vulnerability repair and discrimination. |
| Approach: | They propose a multi-task benchmark for comprehensive evaluation of LLM code security . they also propose VC-Judge, an improved judgment model that aligns closely with human experts . |
| Outcome: | The proposed model can evaluate LLM-generated programs for vulnerabilities in a more efficient and reliable way. |
MOCHA: Are Code Language Models Robust Against Multi-Turn Malicious Coding Prompts? (2025.findings-emnlp)
Copied to clipboard
Muntasir Wahed, Xiaona Zhou, Kiet A. Nguyen, Tianjiao Yu, Nirav Diwan, Gang Wang, Dilek Hakkani-Tür, Ismini Lourentzou
| Challenge: | Recent advances in Large Language Models have significantly enhanced their code generation capabilities, but their robustness against adversarial misuse remains underexplored. |
| Approach: | They introduce a code decomposition attack where a malicious coding task is broken down into subtasks across multiple conversational turns to evade safety filters. |
| Outcome: | The proposed code decomposition attacks exploits multi-turn malicious coding prompts . the proposed model improves rejection rates while preserving coding ability . |
Chain-of-Scrutiny: Detecting Backdoor Attacks for Large Language Models (2025.findings-acl)
Copied to clipboard
| Challenge: | Large Language Models (LLMs) have demonstrated impressive capabilities across various domains, but are vulnerable to backdoor attacks. |
| Approach: | They propose a chain-of-scrutiny approach which leverages LLMs’ unique reasoning abilities to mitigate backdoor attacks. |
| Outcome: | The proposed model is well-suited for the popular API-only LLM deployments, enabling detection at minimal cost and with little data. |
Root Defense Strategies: Ensuring Safety of LLM at the Decoding Level (2025.acl-long)
Copied to clipboard
| Challenge: | Existing methods to detect harmful outputs from prefill-level lacks utilization of the model’s decoding outputs, leading to relatively lower effectiveness and robustness. |
| Approach: | They propose a robust decoding mechanism that corrects harmful queries directly rather than rejecting them outright. |
| Outcome: | The proposed model improves model security without compromising reasoning speed. |