TitanCA, a multi-agent LLM system, was developed to automate vulnerability discovery in open-source software by integrating matching, filtering, inspection, and adaptation modules. This system significantly reduces false positives compared to traditional SAST tools by leveraging the reasoning capabilities of LLMs. TitanCA discovered 203 zero-day vulnerabilities, resulting in 118 CVEs, demonstrating the potential of LLM-based automation in cybersecurity.
LLM agents are not just chatbots: they can find hundreds of real-world software vulnerabilities that traditional tools miss.
Software vulnerabilities remain one of the most persistent threats to modern digital infrastructure. While static application security testing (SAST) tools have long served as the first line of defense, they suffer from high false-positive rates. This article presents TitanCA, a collaborative project between Singapore Management University and GovTech Singapore that orchestrates multiple large language model (LLM)-powered agents into a unified vulnerability discovery pipeline. Applied to open-source software, TitanCA has discovered 203 confirmed zero-day vulnerabilities and yielded 118 CVEs. We describe the four-module architecture (matching, filtering, inspection, and adaptation) and share key lessons from building and deploying an LLM-based vulnerability discovery solution in practice.