arxiv: 2604.06633 · v1 · submitted 2026-04-08 · 💻 cs.CR · cs.CL· cs.SE

Recognition: 2 theorem links

· Lean Theorem

Argus: Reorchestrating Static Analysis via a Multi-Agent Ensemble for Full-Chain Security Vulnerability Detection

Zi Liang , Qipeng Xie , Jun He , Bohuan Xue , Weizheng Wang , Yuandao Cai , Fei Luo , Boxian Zhang

show 2 more authors

Haibo Hu Kaishun Wu

Authors on Pith no claims yet

Pith reviewed 2026-05-10 18:10 UTC · model grok-4.3

classification 💻 cs.CR cs.CLcs.SE

keywords vulnerability detectionmulti-agent systemsstatic analysislarge language modelsretrieval-augmented generationsecurity testingzero-day vulnerabilities

0 comments

The pith

Argus reorchestrates static analysis into a multi-agent LLM workflow that detects more true security vulnerabilities while cutting false positives and costs.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper sets out to show that current LLM-based attempts at static application security testing fall short because they try to replace experts outright instead of integrating with existing tools, leading to too many false alarms, hallucinations, and high costs. It introduces Argus as a shift to an LLM-centered multi-agent system that adds full supply-chain review, agent collaboration, retrieval-augmented generation, and ReAct-style reasoning to ground outputs and deepen analysis. If this holds, industrial teams could run static checks that surface more real flaws at lower operational expense and with fewer wasted reviews. The work reports that the system found several zero-day vulnerabilities later assigned CVEs.

Core claim

Argus is the first multi-agent framework built for vulnerability detection that combines comprehensive supply chain analysis, collaborative agent workflows, and state-of-the-art retrieval-augmented generation plus ReAct reasoning to reduce hallucinations, increase reasoning depth, and deliver higher true-positive rates than prior LLM-assisted or traditional methods.

What carries the argument

The Argus multi-agent ensemble, which coordinates specialized agents around retrieval-augmented generation and ReAct to perform full-chain security analysis on code and its dependencies.

If this is right

Static analysis tools can surface a higher number of genuine vulnerabilities.
False-positive rates drop, reducing the manual review burden on security teams.
Overall operational costs for vulnerability scanning decrease.
Real zero-day issues can be identified and assigned CVEs in practice.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

The same agent orchestration pattern could be tested on non-security code properties such as performance or maintainability bugs.
Traditional rule-based SAST engines might serve as additional specialized agents inside the ensemble rather than as separate tools.
Longer-term scaling questions arise around token budgets and latency when the system is applied to codebases with millions of lines.

Load-bearing premise

That the multi-agent collaboration with retrieval and reasoning steps will reliably cut hallucinations and improve accuracy on large codebases without adding new errors or prohibitive token costs.

What would settle it

A side-by-side test on multiple industrial codebases where Argus produces no measurable gain in true vulnerabilities found or no drop in false positives relative to the best existing single-agent LLM or traditional SAST baselines.

Figures

Figures reproduced from arXiv: 2604.06633 by Bohuan Xue, Boxian Zhang, Fei Luo, Haibo Hu, Jun He, Kaishun Wu, Qipeng Xie, Weizheng Wang, Yuandao Cai, Zi Liang.

**Figure 2.** Figure 2: The overall workflow of the Argus framework. Given a code repository, Argus first parses it with its [PITH_FULL_IMAGE:figures/full_fig_p004_2.png] view at source ↗

**Figure 3.** Figure 3: A practical example of the structured in [PITH_FULL_IMAGE:figures/full_fig_p004_3.png] view at source ↗

**Figure 4.** Figure 4: Example of PoC generation and vulnerability [PITH_FULL_IMAGE:figures/full_fig_p005_4.png] view at source ↗

**Figure 5.** Figure 5: Examples of vulnerable data flows in DataGear detected by Argus. in Argus first retrieve a previous vulnerability named CVE-2024-37759. Through this, it identifies a sink evaluateVariableExpression at org.datagear...Conversion...ValueMapper. While the original vulnerable data flow has been fixed, our Re3 identifies two new data flows that pass our manual review, i.e., they are still exploitable and have n… view at source ↗

**Figure 6.** Figure 6: Token consumption and sink discovery perfor [PITH_FULL_IMAGE:figures/full_fig_p011_6.png] view at source ↗

**Figure 7.** Figure 7: Screenshot of one of our realistic attack examples injected via our zero-day vulnerability discovered with [PITH_FULL_IMAGE:figures/full_fig_p012_7.png] view at source ↗

**Figure 8.** Figure 8: An example prompt of our vulnerability review agent in Argus. [PITH_FULL_IMAGE:figures/full_fig_p012_8.png] view at source ↗

**Figure 9.** Figure 9: The final vulnerability analysis report exported by Argus. [PITH_FULL_IMAGE:figures/full_fig_p013_9.png] view at source ↗

read the original abstract

Recent advancements in Large Language Models (LLMs) have sparked interest in their application to Static Application Security Testing (SAST), primarily due to their superior contextual reasoning capabilities compared to traditional symbolic or rule-based methods. However, existing LLM-based approaches typically attempt to replace human experts directly without integrating effectively with existing SAST tools. This lack of integration results in ineffectiveness, including high rates of false positives, hallucinations, limited reasoning depth, and excessive token usage, making them impractical for industrial deployment. To overcome these limitations, we present a paradigm shift that reorchestrates the SAST workflow from current LLM-assisted structure to a new LLM-centered workflow. We introduce Argus (Agentic and Retrieval-Augmented Guarding System), the first multi-agent framework designed specifically for vulnerability detection. Argus incorporates three key novelties: comprehensive supply chain analysis, collaborative multi-agent workflows, and the integration of state-of-the-art techniques such as Retrieval-Augmented Generation (RAG) and ReAct to minimize hallucinations and enhance reasoning. Extensive empirical evaluation demonstrates that Argus significantly outperforms existing methods by detecting a higher volume of true vulnerabilities while simultaneously reducing false positives and operational costs. Notably, Argus has identified several critical zero-day vulnerabilities with CVE assignments.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

3 major / 2 minor

Summary. The manuscript introduces Argus, a multi-agent framework for static application security testing (SAST) that shifts from LLM-assisted to LLM-centered workflows. It incorporates three novelties: comprehensive supply-chain analysis, collaborative multi-agent orchestration, and integration of RAG plus ReAct to reduce hallucinations and improve reasoning depth. The central claims are that extensive empirical evaluation shows Argus detects more true vulnerabilities than prior methods while lowering false positives and operational costs, and that it has discovered several critical zero-day vulnerabilities assigned CVEs.

Significance. If the empirical results hold after proper validation and disclosure, Argus would demonstrate a practical way to combine traditional static analysis with LLM agents, addressing well-known failure modes such as high false-positive rates and hallucinations. The reported zero-day findings would constitute concrete evidence of industrial utility, and the cost-reduction aspect would be relevant for scaling SAST in large codebases. The work also supplies a concrete testbed for multi-agent designs in security that future papers could build upon or ablate.

major comments (3)

[Evaluation] Evaluation section: the abstract and main claims assert 'significant outperformance' and 'higher volume of true vulnerabilities' with reduced false positives, yet no quantitative metrics (precision, recall, F1, or statistical tests), dataset sizes, baseline implementations, or cross-validation details are provided. This absence makes the central performance claim unverifiable from the manuscript.
[Zero-day discovery claims] Zero-day discovery subsection: the statement that Argus 'has identified several critical zero-day vulnerabilities with CVE assignments' is unsupported by any description of the scanned codebases, responsible-disclosure timeline, false-positive filtering procedure applied to LLM outputs, or confirmation that the flaws were previously unknown rather than re-labeled. Without these elements the CVE claims rest on unverified agent outputs.
[§3 and §4] §3 (Methodology) and §4 (Evaluation): no ablation study isolates the contribution of the multi-agent ensemble plus RAG/ReAct from the supply-chain analysis component, nor is there measurement of token overhead or new error modes introduced by the collaborative workflow on industrial-scale repositories. These omissions leave the weakest assumption of the approach untested.

minor comments (2)

[Abstract] The abstract would be clearer if it briefly named the concrete benchmarks or open-source repositories used for the 'extensive empirical evaluation.'
[§3.2] Notation for agent roles and the ReAct loop could be made consistent between the workflow diagram and the textual description to avoid ambiguity for readers reproducing the system.

Simulated Author's Rebuttal

3 responses · 0 unresolved

We thank the referee for their thorough review and constructive suggestions. We address each major comment below and outline the revisions we will make to strengthen the manuscript.

read point-by-point responses

Referee: [Evaluation] Evaluation section: the abstract and main claims assert 'significant outperformance' and 'higher volume of true vulnerabilities' with reduced false positives, yet no quantitative metrics (precision, recall, F1, or statistical tests), dataset sizes, baseline implementations, or cross-validation details are provided. This absence makes the central performance claim unverifiable from the manuscript.

Authors: We acknowledge that the evaluation section in the submitted manuscript presents results narratively without a consolidated table of quantitative metrics. In the revised version we will add a dedicated results table reporting precision, recall, F1, dataset sizes (projects and vulnerabilities), baseline implementations with citations, and statistical significance tests (e.g., McNemar or Wilcoxon). Cross-validation details will also be explicitly stated. revision: yes
Referee: [Zero-day discovery claims] Zero-day discovery subsection: the statement that Argus 'has identified several critical zero-day vulnerabilities with CVE assignments' is unsupported by any description of the scanned codebases, responsible-disclosure timeline, false-positive filtering procedure applied to LLM outputs, or confirmation that the flaws were previously unknown rather than re-labeled. Without these elements the CVE claims rest on unverified agent outputs.

Authors: We agree that the zero-day subsection requires additional supporting information. The revised manuscript will expand this section with descriptions of the scanned codebases (anonymized where necessary), the responsible-disclosure timeline, the LLM-output filtering procedure (including human review), and evidence that the reported flaws were previously unknown (CVE assignment dates and vendor confirmations). Anonymized report excerpts will be provided as supplementary material. revision: yes
Referee: [§3 and §4] §3 (Methodology) and §4 (Evaluation): no ablation study isolates the contribution of the multi-agent ensemble plus RAG/ReAct from the supply-chain analysis component, nor is there measurement of token overhead or new error modes introduced by the collaborative workflow on industrial-scale repositories. These omissions leave the weakest assumption of the approach untested.

Authors: The current manuscript contains comparative evaluations but lacks explicit ablations and overhead measurements. We will add an ablation study in the revised §4 that isolates the multi-agent ensemble, RAG, ReAct, and supply-chain components. Token usage will be reported for each configuration, and any new error modes (e.g., coordination failures) on industrial-scale repositories will be analyzed and discussed. revision: yes

Circularity Check

0 steps flagged

No circularity: empirical system description with independent evaluation

full rationale

The paper introduces Argus as a multi-agent SAST framework incorporating supply-chain analysis, RAG, and ReAct, then supports its claims of superior vulnerability detection and zero-day findings exclusively through empirical evaluation. No equations, fitted parameters, predictions derived from inputs, or self-referential definitions appear in the provided abstract or described structure. Performance assertions rest on external benchmarks and reported results rather than any reduction to the paper's own definitions or prior self-citations. This matches the default case of a self-contained engineering paper whose central claims are falsifiable against independent test suites.

Axiom & Free-Parameter Ledger

0 free parameters · 0 axioms · 0 invented entities

Only the abstract is available; no free parameters, axioms, or invented entities are explicitly stated or derivable from the provided text.

pith-pipeline@v0.9.0 · 5559 in / 1187 out tokens · 53613 ms · 2026-05-10T18:10:45.251271+00:00 · methodology

discussion (0)

Lean theorems connected to this paper

Citations machine-checked in the Pith Canon. Every link opens the source theorem in the public Lean library.

IndisputableMonolith/Cost/FunctionalEquation.lean washburn_uniqueness_aczel unclear

?

unclear
Relation between the paper passage and the cited Recognition theorem.

Argus incorporates three key novelties: comprehensive supply chain analysis, collaborative multi-agent workflows, and the integration of state-of-the-art techniques such as Retrieval-Augmented Generation (RAG) and ReAct
IndisputableMonolith/Foundation/ArithmeticFromLogic.lean absolute_floor_iff_bare_distinguishability unclear

?

unclear
Relation between the paper passage and the cited Recognition theorem.

We utilize ReAct (Yao et al., 2023) to meet the long-term reasoning requirements in data flow review and PoC generation

What do these tags mean?

matches: The paper's claim is directly supported by a theorem in the formal canon.
supports: The theorem supports part of the paper's argument, but the paper may add assumptions or extra steps.
extends: The paper goes beyond the formal theorem; the theorem is a base layer rather than the whole result.
uses: The paper appears to rely on the theorem as machinery.
contradicts: The paper's claim conflicts with a theorem or certificate in the canon.
unclear: Pith found a possible connection, but the passage is too broad, indirect, or ambiguous to say the theorem truly supports the claim.

Forward citations

Cited by 1 Pith paper

Reviewed papers in the Pith corpus that reference this work. Sorted by Pith novelty score.

Refute-or-Promote: An Adversarial Stage-Gated Multi-Agent Review Methodology for High-Precision LLM-Assisted Defect Discovery
cs.CR 2026-04 unverdicted novelty 7.0

Refute-or-Promote applies adversarial multi-agent review with kill gates and empirical verification to filter LLM defect candidates, killing 79-83% before disclosure and yielding 4 CVEs plus multiple accepted fixes ac...

Reference graph

Works this paper leans on

5 extracted references · 4 canonical work pages · cited by 1 Pith paper

[1]

Kaixuan Li, Sen Chen, Lingling Fan, Ruitao Feng, Han Liu, Chengwei Liu, Yang Liu, and Yixiang Chen

Enhancing static analysis for practical bug detection: An llm-integrated approach.Proceed- ings of the ACM on Programming Languages, 8(OOPSLA1):474–499. Kaixuan Li, Sen Chen, Lingling Fan, Ruitao Feng, Han Liu, Chengwei Liu, Yang Liu, and Yixiang Chen
[2]

InPro- ceedings of the 31st ACM Joint European Software Engineering Conference and Symposium on the Foun- dations of Software Engineering, pages 921–933

Comparison and evaluation on static appli- cation security testing (sast) tools for java. InPro- ceedings of the 31st ACM Joint European Software Engineering Conference and Symposium on the Foun- dations of Software Engineering, pages 921–933. Ziyang Li, Saikat Dutta, and Mayur Naik. 2025. Llm- assisted static analysis for detecting security vulner- abili...

work page arXiv 2025
[3]

Tianjun Wang, Yujia Liu, Yiming Zhang, and 1 others

From cve entries to verifiable exploits: An automated multi-agent framework for reproducing cves.arXiv preprint arXiv:2509.01835. Tianjun Wang, Yujia Liu, Yiming Zhang, and 1 others

work page arXiv
[4]

Plan-and-execute: A modular agent architec- ture for tool-use tasks. InICLR. Jason Wei, Xuezhi Wang, Dale Schuurmans, Maarten Bosma, Fei Xia, Ed Chi, Quoc V Le, Denny Zhou, and 1 others. 2022. Chain-of-thought prompting elic- its reasoning in large language models.Advances in neural information processing systems, 35:24824– 24837. Chunqiu Steven Xia and L...

work page arXiv 2022
[5]

Where llm agents fail and how they can learn from failures.arXiv preprint arXiv:2509.25370, 2025

Large language model for vulnerability de- tection and repair: Literature review and the road ahead.ACM Transactions on Software Engineering and Methodology, 34(5):1–31. Xin Zhou, Ting Zhang, and David Lo. 2024b. Large language model for vulnerability detection: Emerg- ing results and future directions. InProceedings of the 2024 ACM/IEEE 44th Internationa...

work page arXiv 2024