Saved in:
| Main Authors: | , , , , , , , , , , , , , , , , , |
|---|---|
| Format: | Preprint |
| Published: |
2026
|
| Subjects: | |
| Online Access: | https://arxiv.org/abs/2604.17860 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1866910147140386816 |
|---|---|
| author | Zhang, Ting Li, Yikun Yang, Chengran Widyasari, Ratnadira Liu, Yue Bui, Ngoc Tan Nguyen, Phuc Thanh Tun, Yan Naing Irsan, Ivana Clairine Nguyen, Huu Hung Huang, Huihui Jiang, Jinfeng Shar, Lwin Khin Ouh, Eng Lieh Lo, David Kang, Hong Jin Yin, Yide Leow, Wen Bin |
| author_facet | Zhang, Ting Li, Yikun Yang, Chengran Widyasari, Ratnadira Liu, Yue Bui, Ngoc Tan Nguyen, Phuc Thanh Tun, Yan Naing Irsan, Ivana Clairine Nguyen, Huu Hung Huang, Huihui Jiang, Jinfeng Shar, Lwin Khin Ouh, Eng Lieh Lo, David Kang, Hong Jin Yin, Yide Leow, Wen Bin |
| contents | Software vulnerabilities remain one of the most persistent threats to modern digital infrastructure. While static application security testing (SAST) tools have long served as the first line of defense, they suffer from high false-positive rates. This article presents TitanCA, a collaborative project between Singapore Management University and GovTech Singapore that orchestrates multiple large language model (LLM)-powered agents into a unified vulnerability discovery pipeline. Applied in open-source software, TitanCA has discovered 203 confirmed zero-day vulnerabilities and yielded 118 CVEs. We describe the four-module architecture, i.e., matching, filtering, inspection, and adaptation, and share key lessons from building and deploying an LLM-based vulnerability discovery solution in practice. |
| format | Preprint |
| id |
arxiv_https___arxiv_org_abs_2604_17860 |
| institution | arXiv |
| publishDate | 2026 |
| record_format | arxiv |
| spellingShingle | TitanCA: Lessons from Orchestrating LLM Agents to Discover 100+ CVEs Zhang, Ting Li, Yikun Yang, Chengran Widyasari, Ratnadira Liu, Yue Bui, Ngoc Tan Nguyen, Phuc Thanh Tun, Yan Naing Irsan, Ivana Clairine Nguyen, Huu Hung Huang, Huihui Jiang, Jinfeng Shar, Lwin Khin Ouh, Eng Lieh Lo, David Kang, Hong Jin Yin, Yide Leow, Wen Bin Cryptography and Security Software vulnerabilities remain one of the most persistent threats to modern digital infrastructure. While static application security testing (SAST) tools have long served as the first line of defense, they suffer from high false-positive rates. This article presents TitanCA, a collaborative project between Singapore Management University and GovTech Singapore that orchestrates multiple large language model (LLM)-powered agents into a unified vulnerability discovery pipeline. Applied in open-source software, TitanCA has discovered 203 confirmed zero-day vulnerabilities and yielded 118 CVEs. We describe the four-module architecture, i.e., matching, filtering, inspection, and adaptation, and share key lessons from building and deploying an LLM-based vulnerability discovery solution in practice. |
| title | TitanCA: Lessons from Orchestrating LLM Agents to Discover 100+ CVEs |
| topic | Cryptography and Security |
| url | https://arxiv.org/abs/2604.17860 |