Lingming Zhang

LLMs still miss over 60% of real-world bugs in critical software like V8 and SpiderMonkey, even when given access to PoCs and fixes, revealing a significant gap in their ability to automate complex security tasks.

An agentic pipeline can autonomously discover and verify real-world privilege escalation vulnerabilities in Windows COM binaries, outperforming both static analysis and existing coding agents.

LLMs can now autonomously validate their own bug reports with 1.3x higher accuracy and 9.8x lower false positives, thanks to a novel multi-agent framework that synthesizes, executes, and scrutinizes proof-of-concept tests.