TitanCA: Lessons from Orchestrating LLM Agents to Discover 100+ CVEs
Ting Zhang, Yikun Li, Chengran Yang, Ratnadira Widyasari, Yue Liu, Ngoc Tan Bui, Phuc Thanh Nguyen, Yan Naing Tun, Ivana Clairine Irsan, Huu Hung Nguyen, Huihui Huang, Jinfeng Jiang, Lwin Khin Shar, Eng Lieh Ouh, David Lo, Hong Jin Kang, Yide Yin, Wen Bin Leow
TL;DR
TitanCA leverages orchestrated LLM agents in a four-module pipeline to discover over 200 CVEs and 203 zero-day vulnerabilities in open-source software, demonstrating practical effectiveness.
Contribution
This work introduces TitanCA, a novel LLM-based vulnerability discovery system with a four-module architecture, achieving significant CVE discovery in real-world software.
Findings
Discovered 203 confirmed zero-day vulnerabilities.
Yielded 118 CVEs in open-source software.
Provided practical lessons for deploying LLM-based security tools.
Abstract
Software vulnerabilities remain one of the most persistent threats to modern digital infrastructure. While static application security testing (SAST) tools have long served as the first line of defense, they suffer from high false-positive rates. This article presents TitanCA, a collaborative project between Singapore Management University and GovTech Singapore that orchestrates multiple large language model (LLM)-powered agents into a unified vulnerability discovery pipeline. Applied in open-source software, TitanCA has discovered 203 confirmed zero-day vulnerabilities and yielded 118 CVEs. We describe the four-module architecture, i.e., matching, filtering, inspection, and adaptation, and share key lessons from building and deploying an LLM-based vulnerability discovery solution in practice.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.