{"paper":{"title":"RAVEN: Retrieval-Augmented Vulnerability Exploration Network for Memory Corruption Analysis in User Code and Binary Programs","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","headline":"RAVEN uses LLM agents and retrieval to generate structured vulnerability reports from code samples.","cross_cats":["cs.AI","cs.MA"],"primary_cat":"cs.CR","authors_text":"Achyuta Muthuvelan, Asini Subanya, Boubacar Ballo, Boyuan Chen, Eleanna Kafeza, Hakim Hacid, Kashish Satija, Mariam Shafey, Minghao Shao, Mohamed Mahmoud, Moncif Dahaji Bouffi, Mthandazo Ndhlovu, Muhammad Shafique, Parteek Jamwal, Pasindu Wickramasinghe, Sanjay Rawat, Siyona Goel, Yaakulya Sabbani","submitted_at":"2026-04-20T08:29:48Z","abstract_excerpt":"Large Language Models (LLMs) have demonstrated remarkable capabilities across various cybersecurity tasks, including vulnerability classification, detection, and patching. However, their potential in automated vulnerability report documentation and analysis remains underexplored. We present RAVEN (Retrieval Augmented Vulnerability Exploration Network), a framework leveraging LLM agents and Retrieval Augmented Generation (RAG) to synthesize comprehensive vulnerability analysis reports. Given vulnerable source code, RAVEN generates reports following the Google Project Zero Root Cause Analysis te"},"claims":{"count":4,"items":[{"kind":"strongest_claim","text":"Results show an average quality score of 54.21%, supporting the effectiveness of our approach for automated vulnerability documentation.","source":"verdict.strongest_claim","status":"machine_extracted","claim_id":"C1","attestation":"unclaimed"},{"kind":"weakest_assumption","text":"The LLM-based judge accurately measures report quality across structural integrity, ground truth alignment, code reasoning, and remediation without independent human validation or baselines.","source":"verdict.weakest_assumption","status":"machine_extracted","claim_id":"C2","attestation":"unclaimed"},{"kind":"one_line_summary","text":"RAVEN combines LLM agents and RAG to generate Project Zero-style vulnerability reports, achieving 54.21% average quality on 105 NIST-SARD samples across 15 CWE types.","source":"verdict.one_line_summary","status":"machine_extracted","claim_id":"C3","attestation":"unclaimed"},{"kind":"headline","text":"RAVEN uses LLM agents and retrieval to generate structured vulnerability reports from code samples.","source":"verdict.pith_extraction.headline","status":"machine_extracted","claim_id":"C4","attestation":"unclaimed"}],"snapshot_sha256":"1271323eccfbba5f1a5a94b7e48bf929a3d36ba4c3c389d05bd46579fa15c551"},"source":{"id":"2604.17948","kind":"arxiv","version":2},"verdict":{"id":"77ea08c5-7f2d-4878-a143-ebb2cd387ea9","model_set":{"reader":"grok-4.3"},"created_at":"2026-05-10T04:40:15.717883Z","strongest_claim":"Results show an average quality score of 54.21%, supporting the effectiveness of our approach for automated vulnerability documentation.","one_line_summary":"RAVEN combines LLM agents and RAG to generate Project Zero-style vulnerability reports, achieving 54.21% average quality on 105 NIST-SARD samples across 15 CWE types.","pipeline_version":"pith-pipeline@v0.9.0","weakest_assumption":"The LLM-based judge accurately measures report quality across structural integrity, ground truth alignment, code reasoning, and remediation without independent human validation or baselines.","pith_extraction_headline":"RAVEN uses LLM agents and retrieval to generate structured vulnerability reports from code samples."},"integrity":{"clean":true,"summary":{"advisory":0,"critical":0,"by_detector":{},"informational":0},"endpoint":"/pith/2604.17948/integrity.json","findings":[],"available":true,"detectors_run":[{"name":"doi_compliance","ran_at":"2026-05-20T04:35:37.842369Z","status":"completed","version":"1.0.0","findings_count":0}],"snapshot_sha256":"fefb33a439a521ce9cd3b74ae84746d92e8d0dfd8e08b5742b39e342103b3b87"},"references":{"count":0,"sample":[],"resolved_work":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","internal_anchors":0},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"}