Search papers, labs, and topics across Lattice.
This paper introduces PAGENT, a novel LLM-based agent that leverages static and dynamic program analysis to improve proof-of-concept (PoC) generation for software vulnerabilities. PAGENT uses static analysis to guide the LLM towards relevant code paths and dynamic analysis (sanitizer-based profiling and coverage) to refine the PoC generation process. Experiments show PAGENT achieves a 132% improvement in PoC generation success rate compared to a state-of-the-art agentic approach.
LLMs can generate proofs-of-concept for software vulnerabilities with significantly higher success rates when guided by static and dynamic program analysis.
Software developers frequently receive vulnerability reports that require them to reproduce the vulnerability in a reliable manner by generating a proof-of-concept (PoC) input that triggers it. Given the source code for a software project and a specific code location for a potential vulnerability, automatically generating a PoC for the given vulnerability has been a challenging research problem. Symbolic execution and fuzzing techniques require expert guidance and manual steps and face scalability challenges for PoC generation. Although recent advances in LLMs have increased the level of automation and scalability, the success rate of PoC generation with LLMs remains quite low. In this paper, we present a novel approach called Program Analysis Guided proof of concept generation agENT (PAGENT) that is scalable and significantly improves the success rate of automated PoC generation compared to prior results. PAGENT integrates lightweight and rule-based static analysis phases for providing static analysis guidance and sanitizer-based profiling and coverage information for providing dynamic analysis guidance with a PoC generation agent. Our experiments demonstrate that the resulting hybrid approach significantly outperforms the prior top-performing agentic approach by 132% for the PoC generation task.
