Challenge: Large language models (LLMs) have shown strong capabilities across diverse domains, but their application to code vulnerability detection raises significant concerns regarding efficiency, scalability and cost.
Approach: They propose a sequential multi-stage approach via confidence- and collaboration-based decision making via a three-stage sequential classification framework with a single agent, retrieval-augmented generation with external examples, and multi-agent reasoning enhanced with RAG.
Outcome: The proposed approach improves code vulnerability detection performance on a benchmark dataset and a low-resource language.

Similar Papers

Generalization-Enhanced Code Vulnerability Detection via Multi-Task Instruction Fine-Tuning (2024.findings-acl)

Copied to clipboard

Challenge: Existing CodePre-trained models struggle to generalize due to superficial mapping from source code to labels instead of understanding the root causes of code vulnerabilities.
Approach: They propose a framework that integrates multi-task learning with Large Language Models to effectively mine deep-seated vulnerability features.
Outcome: The proposed framework surpasses seven state-of-the-art models in effectiveness, generalization, and robustness.
Boosting Vulnerability Detection of LLMs via Curriculum Preference Optimization with Synthetic Reasoning Data (2025.findings-acl)

Copied to clipboard

Challenge: Large language models (LLMs) are capable of detecting software vulnerabilities, but lack of reasoning data hinders their ability to capture underlying vulnerability patterns.
Approach: They propose a framework that excels at mining vulnerability patterns through reasoning data synthesizing and vulnerability-specific preference optimization.
Outcome: The proposed framework improves on SVEN and PrimeVul datasets and improves 12.24%-22.77% accuracy.
MulVul: Retrieval-augmented Multi-Agent Code Vulnerability Detection via Cross-Model Prompt Evolution (2026.acl-long)

Copied to clipboard

Challenge: Large Language Models (LLMs) struggle to automate real-world vulnerability detection due to the heterogeneity of vulnerability patterns and manual prompt engineering for massive weakness categories is unscalable.
Approach: They propose a retrieval-augmented multi-agent framework for precise and broad-coverage vulnerability detection using a coarse-to-fine strategy.
Outcome: The proposed framework outperforms the baseline model on 130 CWE types and achieves 34.79% Macro-F1 performance.
VulAgent: Hypothesis-Validation Driven Multi-Agent Architecture for Vulnerability Detection (2026.findings-acl)

Copied to clipboard

Challenge: Recent reports indicate that software vulnerabilities caused by insecure coding practices remain a major security threat.
Approach: They propose a multi-agent vulnerability detection framework based on hypothesis validation . they use multi-view analyzers to localize and localize security-sensitive operations .
Outcome: The proposed framework reduces false positives and increases accuracy by 6.6 percentage points on PrimeVul and SVEN.
CLeVeR: Multi-modal Contrastive Learning for Vulnerability Code Representation (2025.findings-acl)

Copied to clipboard

Challenge: Existing methods for detecting code capture the overall semantics of the code rather than its intrinsic vulnerability-specific semantics.
Approach: They propose an approach that leverages contrastive learning to generate precise vulnerability code representations under the supervision of vulnerability descriptions.
Outcome: The proposed approach outperforms state-of-the-art methods in vulnerability detection tasks by 11.85% and 13.61%.
Benchmarking LLMs and LLM-based Agents in Practical Vulnerability Detection for Code Repositories (2025.acl-long)

Copied to clipboard

Challenge: Large Language Models (LLMs) have shown promise in software vulnerability detection, especially on function-level benchmarks like Devign and BigVul.
Approach: They propose a JIT vulnerability detection benchmark linking each function to its vulnerability-introducing and fixing commits.
Outcome: The proposed JIT vulnerability detection benchmark enables comprehensive evaluation of detection capabilities.
Can You Really Trust Code Copilot? Evaluating Large Language Models from a Code Security Perspective (2025.acl-long)

Copied to clipboard

Challenge: Existing code security benchmarks focus on one task and paradigm, such as code completion and generation, without comprehensive assessment across dimensions like secure code generation, vulnerability repair and discrimination.
Approach: They propose a multi-task benchmark for comprehensive evaluation of LLM code security . they also propose VC-Judge, an improved judgment model that aligns closely with human experts .
Outcome: The proposed model can evaluate LLM-generated programs for vulnerabilities in a more efficient and reliable way.
MOCHA: Are Code Language Models Robust Against Multi-Turn Malicious Coding Prompts? (2025.findings-emnlp)

Copied to clipboard

Challenge: Recent advances in Large Language Models have significantly enhanced their code generation capabilities, but their robustness against adversarial misuse remains underexplored.
Approach: They introduce a code decomposition attack where a malicious coding task is broken down into subtasks across multiple conversational turns to evade safety filters.
Outcome: The proposed code decomposition attacks exploits multi-turn malicious coding prompts . the proposed model improves rejection rates while preserving coding ability .
Chain-of-Scrutiny: Detecting Backdoor Attacks for Large Language Models (2025.findings-acl)

Copied to clipboard

Challenge: Large Language Models (LLMs) have demonstrated impressive capabilities across various domains, but are vulnerable to backdoor attacks.
Approach: They propose a chain-of-scrutiny approach which leverages LLMs’ unique reasoning abilities to mitigate backdoor attacks.
Outcome: The proposed model is well-suited for the popular API-only LLM deployments, enabling detection at minimal cost and with little data.
Root Defense Strategies: Ensuring Safety of LLM at the Decoding Level (2025.acl-long)

Copied to clipboard

Challenge: Existing methods to detect harmful outputs from prefill-level lacks utilization of the model’s decoding outputs, leading to relatively lower effectiveness and robustness.
Approach: They propose a robust decoding mechanism that corrects harmful queries directly rather than rejecting them outright.
Outcome: The proposed model improves model security without compromising reasoning speed.

What is GenGO?

GenGO is an NLP powered publication search system. It currenctly indexes 30k+ papers from ACL Anthology, and implements multi-aspect summarization, semantic search, and more!

Information

About
Limitations