Saved in:
Bibliographic Details
Main Authors: Jamwal, Parteek, Shao, Minghao, Chen, Boyuan, Muthuvelan, Achyuta, Subanya, Asini, Ballo, Boubacar, Satija, Kashish, Shafey, Mariam, Mahmoud, Mohamed, Bouffi, Moncif Dahaji, Wickramasinghe, Pasindu, Goel, Siyona, Sabbani, Yaakulya, Hacid, Hakim, Ndhlovu, Mthandazo, Kafeza, Eleanna, Rawat, Sanjay, Shafique, Muhammad
Format: Preprint
Published: 2026
Subjects:
Online Access:https://arxiv.org/abs/2604.17948
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866917422171160576
author Jamwal, Parteek
Shao, Minghao
Chen, Boyuan
Muthuvelan, Achyuta
Subanya, Asini
Ballo, Boubacar
Satija, Kashish
Shafey, Mariam
Mahmoud, Mohamed
Bouffi, Moncif Dahaji
Wickramasinghe, Pasindu
Goel, Siyona
Sabbani, Yaakulya
Hacid, Hakim
Ndhlovu, Mthandazo
Kafeza, Eleanna
Rawat, Sanjay
Shafique, Muhammad
author_facet Jamwal, Parteek
Shao, Minghao
Chen, Boyuan
Muthuvelan, Achyuta
Subanya, Asini
Ballo, Boubacar
Satija, Kashish
Shafey, Mariam
Mahmoud, Mohamed
Bouffi, Moncif Dahaji
Wickramasinghe, Pasindu
Goel, Siyona
Sabbani, Yaakulya
Hacid, Hakim
Ndhlovu, Mthandazo
Kafeza, Eleanna
Rawat, Sanjay
Shafique, Muhammad
contents Large Language Models (LLMs) have demonstrated remarkable capabilities across various cybersecurity tasks, including vulnerability classification, detection, and patching. However, their potential in automated vulnerability report documentation and analysis remains underexplored. We present RAVEN (Retrieval Augmented Vulnerability Exploration Network), a framework leveraging LLM agents and Retrieval Augmented Generation (RAG) to synthesize comprehensive vulnerability analysis reports. Given vulnerable source code, RAVEN generates reports following the Google Project Zero Root Cause Analysis template. The framework uses four modules: an Explorer agent for vulnerability identification, a RAG engine retrieving relevant knowledge from curated databases including Google Project Zero reports and CWE entries, an Analyst agent for impact and exploitation assessment, and a Reporter agent for structured report generation. To ensure quality, RAVEN includes a task specific LLM Judge evaluating reports across structural integrity, ground truth alignment, code reasoning quality, and remediation quality. We evaluate RAVEN on 105 vulnerable code samples covering 15 CWE types from the NIST-SARD dataset. Results show an average quality score of 54.21%, supporting the effectiveness of our approach for automated vulnerability documentation.
format Preprint
id arxiv_https___arxiv_org_abs_2604_17948
institution arXiv
publishDate 2026
record_format arxiv
spellingShingle RAVEN: Retrieval-Augmented Vulnerability Exploration Network for Memory Corruption Analysis in User Code and Binary Programs
Jamwal, Parteek
Shao, Minghao
Chen, Boyuan
Muthuvelan, Achyuta
Subanya, Asini
Ballo, Boubacar
Satija, Kashish
Shafey, Mariam
Mahmoud, Mohamed
Bouffi, Moncif Dahaji
Wickramasinghe, Pasindu
Goel, Siyona
Sabbani, Yaakulya
Hacid, Hakim
Ndhlovu, Mthandazo
Kafeza, Eleanna
Rawat, Sanjay
Shafique, Muhammad
Cryptography and Security
Artificial Intelligence
Multiagent Systems
Large Language Models (LLMs) have demonstrated remarkable capabilities across various cybersecurity tasks, including vulnerability classification, detection, and patching. However, their potential in automated vulnerability report documentation and analysis remains underexplored. We present RAVEN (Retrieval Augmented Vulnerability Exploration Network), a framework leveraging LLM agents and Retrieval Augmented Generation (RAG) to synthesize comprehensive vulnerability analysis reports. Given vulnerable source code, RAVEN generates reports following the Google Project Zero Root Cause Analysis template. The framework uses four modules: an Explorer agent for vulnerability identification, a RAG engine retrieving relevant knowledge from curated databases including Google Project Zero reports and CWE entries, an Analyst agent for impact and exploitation assessment, and a Reporter agent for structured report generation. To ensure quality, RAVEN includes a task specific LLM Judge evaluating reports across structural integrity, ground truth alignment, code reasoning quality, and remediation quality. We evaluate RAVEN on 105 vulnerable code samples covering 15 CWE types from the NIST-SARD dataset. Results show an average quality score of 54.21%, supporting the effectiveness of our approach for automated vulnerability documentation.
title RAVEN: Retrieval-Augmented Vulnerability Exploration Network for Memory Corruption Analysis in User Code and Binary Programs
topic Cryptography and Security
Artificial Intelligence
Multiagent Systems
url https://arxiv.org/abs/2604.17948