PatchIsland: Orchestration of LLM Agents for Continuous Vulnerability Repair
Wonyoung Kim, Seunggi Min, Minjae Gwon, Dowoo Baik, Haein Lee, Hyeon Heo, Minjae Lee, Min Woo Baek, Yonghwi Jin, Younggi Park, Yunjae Choi, Taesoo Kim, Sangdon Park, Insu Yun

TL;DR
PatchIsland is a system that integrates multiple LLM agents into continuous fuzzing pipelines to automate vulnerability repair, significantly improving repair coverage and robustness in noisy, real-world environments.
Contribution
It introduces a novel ensemble of LLM agents and a two-phase deduplication method tailored for continuous fuzzing, enabling effective autonomous vulnerability repair.
Findings
Repaired 84 out of 92 vulnerabilities internally.
Achieved 72.1% repair rate in the AIxCC competition.
Operated fully autonomously without human intervention.
Abstract
Continuous fuzzing platforms such as OSS-Fuzz uncover large numbers of vulnerabilities, yet the subsequent repair process remains largely manual. Unfortunately, existing Automated Vulnerability Repair (AVR) techniques -- including recent LLM-based systems -- are not directly applicable to continuous fuzzing. This is because these systems are designed and evaluated on a static, single-run benchmark setting, making them ill-suited for the diverse, noisy, and failure-prone environments in continuous fuzzing. To address these issues, we introduce PatchIsland, a system for Continuous Vulnerability Repair (CVR) that tightly integrates with continuous fuzzing pipelines. PatchIsland employs an ensemble of diverse LLM agents. By leveraging multiple LLM agents, PatchIsland can cover a wider range of settings (e.g., different projects, bug types, and programming languages) and also improve…
Taxonomy
Topics: Software Testing and Debugging Techniques · Security and Verification in Computing · Software System Performance and Reliability
