166 matches found
LegalSim: Multi-Agent Simulation of Legal Systems for Discovering Procedural Exploits
We present LegalSim, a modular multi-agent simulation of adversarial legal proceedings that explores how AI systems can exploit procedural weaknesses in codified rules. Plaintiff and defendant agents choose from a constrained action space for example, discovery requests, motions, meet-and-confer,...
FalseCrashReducer: Mitigating False Positive Crashes in OSS-Fuzz-Gen Using Agentic AI
Fuzz testing has become a cornerstone technique for identifying software bugs and security vulnerabilities, with broad adoption in both industry and open-source communities. Directly fuzzing a function requires fuzz drivers, which translate random fuzzer inputs into valid arguments for the target...
A Cybersecurity AI Agent Selection and Decision Support Framework
This paper presents a novel, structured decision support framework that systematically aligns diverse artificial intelligence AI agent architectures, reactive, cognitive, hybrid, and learning, with the comprehensive National Institute of Standards and Technology NIST Cybersecurity Framework CSF...
MALF: A Multi-Agent LLM Framework for Intelligent Fuzzing of Industrial Control Protocols
Industrial control systems ICS are vital to modern infrastructure but increasingly vulnerable to cybersecurity threats, particularly through weaknesses in their communication protocols. This paper presents MALF Multi-Agent LLM Fuzzing Framework, an advanced fuzzing solution that integrates large...
MAVUL: Multi-Agent Vulnerability Detection Via Contextual Reasoning and Interactive Refinement
The widespread adoption of open-source software OSS necessitates the mitigation of vulnerability risks. Most vulnerability detection VD methods are limited by inadequate contextual understanding, restrictive single-round interactions, and coarse-grained evaluations, resulting in undesired model...
FuncPoison: Poisoning Function Library to Hijack Multi-Agent Autonomous Driving Systems
Autonomous driving systems increasingly rely on multi-agent architectures powered by large language models LLMs, where specialized agents collaborate to perceive, reason, and plan. A key component of these systems is the shared function library, a collection of software tools that agents use to...
PhishLumos: an Adaptive Multi-Agent System for Proactive Phishing Campaign Mitigation
Phishing attacks are a significant societal threat, disproportionately harming vulnerable populations and eroding trust in essential digital services. Current defenses are often reactive, failing against modern evasive tactics like cloaking that conceal malicious content. To address this, we...
Automated Cyber Defense with Generalizable Graph-Based Reinforcement Learning Agents
Deep reinforcement learning RL is emerging as a viable strategy for automated cyber defense ACD. The traditional RL approach represents networks as a list of computers in various states of safety or threat. Unfortunately, these models are forced to overfit to specific network topologies, renderin...
XOffense: an AI-Driven Autonomous Penetration Testing Framework with Offensive Knowledge-Enhanced LLMs and Multi Agent Systems
This work introduces xOffense, an AI-driven, multi-agent penetration testing framework that shifts the process from labor-intensive, expert-driven manual efforts to fully automated, machine-executable workflows capable of scaling seamlessly with computational infrastructure. At its core, xOffense...
VulAgent: Hypothesis-Validation Based Multi-Agent Vulnerability Detection
The application of language models to project-level vulnerability detection remains challenging, owing to the dual requirement of accurately localizing security-sensitive code and correctly correlating and reasoning over complex program context. We present VulAgent, a multi-agent vulnerability...
Shell or Nothing: Real-World Benchmarks and Memory-Activated Agents for Automated Penetration Testing
Penetration testing is critical for identifying and mitigating security vulnerabilities, yet traditional approaches remain expensive, time-consuming, and dependent on expert human labor. Recent work has explored AI-driven pentesting agents, but their evaluation relies on oversimplified...
Neuro-Symbolic AI for Cybersecurity: State of the Art, Challenges, and Opportunities
Traditional Artificial Intelligence AI approaches in cybersecurity exhibit fundamental limitations: inadequate conceptual grounding leading to non-robustness against novel attacks; limited instructibility impeding analyst-guided adaptation; and misalignment with cybersecurity objectives...
What Is Cybersecurity in Space?
Satellites, drones, and 5G space links now support critical services such as air traffic, finance, and weather. Yet most were not built to resist modern cyber threats. Ground stations can be breached, GPS jammed, and supply chains compromised, while no shared list of vulnerabilities or safe testi...
Web Fraud Attacks against LLM-Driven Multi-Agent Systems
With the proliferation of applications built upon LLM-driven multi-agent systems MAS, the security of Web links has become a critical concern in ensuring system reliability. Once an agent is induced to visit a malicious website, attackers can use it as a springboard to conduct diverse subsequent...
Multi-Agent Penetration Testing AI for the Web
AI-powered development platforms are making software creation accessible to a broader audience, but this democratization has triggered a scalability crisis in security auditing. With studies showing that up to 40% of AI-generated code contains vulnerabilities, the pace of development now vastly...
Attackers Strike Back? Not Anymore -- an Ensemble of RL Defenders Awakens for APT Detection
Advanced Persistent Threats APTs represent a growing menace to modern digital infrastructure. Unlike traditional cyberattacks, APTs are stealthy, adaptive, and long-lasting, often bypassing signature-based detection systems. This paper introduces a novel framework for APT detection that unites de...
Langflow 安全漏洞
Langflow is a visualization framework for building multi-agent and RAG applications open-sourced by Langflow. A security vulnerability exists in Langflow that stems from improper management of permissions within a container, which could lead to elevation of privilege...
Comprehensive MCP Security Checklist: Protecting Your AI-Powered Infrastructure
With innovation comes risk. As organizations race to build AI-first infrastructure, security is struggling to keep pace. Multi-Agentic Systems – those built on Large Language Models LLMs and Multi-Component Protocols MCP - bring immense potential, but also novel vulnerabilities that traditional...
MultiFuzz: a Dense Retrieval-Based Multi-Agent System for Network Protocol Fuzzing
Traditional protocol fuzzing techniques, such as those employed by AFL-based systems, often lack effectiveness due to a limited semantic understanding of complex protocol grammars and rigid seed mutation strategies. Recent works, such as ChatAFL, have integrated Large Language Models LLMs to guid...
AutoBnB-RAG: Enhancing Multi-Agent Incident Response with Retrieval-Augmented Generation
Incident response IR requires fast, coordinated, and well-informed decision-making to contain and mitigate cyber threats. While large language models LLMs have shown promise as autonomous agents in simulated IR settings, their reasoning is often limited by a lack of access to external knowledge. ...