Co-RedTeam: Orchestrated Security Discovery and Exploitation with LLM Agents

TL;DR

Co-RedTeam is a multi-agent framework that enhances cybersecurity vulnerability discovery and exploitation by integrating real-time execution feedback, structured reasoning, and memory, significantly outperforming existing methods.

Contribution

It introduces a novel multi-agent system that mimics red-teaming workflows with execution-grounded reasoning, improving vulnerability detection and exploitation capabilities.

Findings

Achieves over 60% success rate in vulnerability exploitation.

Over 10% absolute improvement in vulnerability detection.

Execution feedback and memory are critical for robustness.

Abstract

Large language models (LLMs) have shown promise in assisting cybersecurity tasks, yet existing approaches struggle with automatic vulnerability discovery and exploitation due to limited interaction, weak execution grounding, and a lack of experience reuse. We propose Co-RedTeam, a security-aware multi-agent framework designed to mirror real-world red-teaming workflows by integrating security-domain knowledge, code-aware analysis, execution-grounded iterative reasoning, and long-term memory. Co-RedTeam decomposes vulnerability analysis into coordinated discovery and exploitation stages, enabling agents to plan, execute, validate, and refine actions based on real execution feedback while learning from prior trajectories. Extensive evaluations on challenging security benchmarks demonstrate that Co-RedTeam consistently outperforms strong baselines across diverse backbone models, achieving over 60% success rate in vulnerability exploitation and over 10% absolute improvement in vulnerability detection. Ablation and iteration studies further confirm the critical role of execution feedback, structured interaction, and memory for building robust and generalizable cybersecurity agents.