The reviewed record of science sign in
Pith

arxiv: 2606.13757 · v2 · pith:IH6GDFZO · submitted 2026-06-11 · cs.CR · cs.AI

SEVRA-BENCH: Social Engineering of Vulnerabilities in Review Agents

Reviewed by Pith T0 review T1 audit T2 compute T3 formal T4 kernel pith:IH6GDFZOrecord.jsonopen to challenge →

classification cs.CR cs.AI
keywords reviewagentscodesevra-benchnarrativeadversarialbenchmarkchange
0
0 comments X
read the original abstract

Large language models (LLMs) are increasingly deployed in automated code-review systems, where their approvals can determine which code is merged into shared repositories. However, it is unclear whether review agents can detect vulnerability-introducing code when an attacker controls both the code change and the persuasive Pull Request (PR) narrative designed to mask it. We introduce SEVRA-BENCH (Social Engineering of Vulnerabilities in Review Agents), a benchmark that measures how often a review agent approves such adversarial PR s. Each PR in SEVRA-BENCH is built from a historical commit that fixed a vulnerability. We automatically reverse that fix to extract the original vulnerable code, and submit the resulting code change as a PR wrapped in one of 15 social-engineering framings. To test review-agent resilience to narrative manipulation, these framings vary dimensions such as supporting evidence, conveyed urgency, signals of prior approval, and appeals to authority. SEVRA-BENCH evaluates a retained challenge split of roughly 1000 adversarial PRs drawn from publicly disclosed vulnerability fixes across the top 10 entries of the MITRE's 2025 most dangerous software weaknesses. Evaluating 8 review agents against this benchmark, we reveal that review agents are susceptible to narrative manipulation, exposing a significant gap in security capabilities.

This paper has not been read by Pith yet.

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.