Program Analysis Guided LLM Agent for Proof-of-Concept Generation
New hybrid AI system combines static analysis and LLMs to automate security testing.
A research team from UC Santa Barbara has developed PAGENT (Program Analysis Guided proof of concept generation agENT), a novel AI system that dramatically improves automated vulnerability testing. The system addresses a critical bottleneck in software security: when developers receive vulnerability reports, they need to generate proof-of-concept (PoC) inputs to reliably reproduce the issue. Traditional methods like symbolic execution and fuzzing require expert guidance and manual intervention, while pure LLM approaches have shown low success rates.
PAGENT's breakthrough comes from its hybrid architecture that combines multiple analysis techniques. The system uses lightweight, rule-based static analysis to provide initial guidance to the LLM agent, then incorporates sanitizer-based profiling and coverage information for dynamic analysis guidance. This layered approach allows the AI to understand both the code structure and runtime behavior, enabling more effective PoC generation. The researchers tested their system against prior state-of-the-art agentic approaches and achieved a remarkable 132% improvement in success rates for generating valid proof-of-concept inputs.
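As an added illustration, not PAGENT's own code (the summary does not describe its internals): a minimal validation oracle of the kind the sanitizer-and-coverage feedback loop described above needs, which decides whether a candidate input reproduced the reported bug class at the reported location and which source lines it newly reached. The sanitizer report, bug class, location and coverage line sets are constructed placeholders; how coverage is collected from the instrumented build is left to the tooling.

```python
"""Illustrative PoC-validation oracle from sanitizer output and coverage (not PAGENT's code)."""
import re
from dataclasses import dataclass, field
from typing import Iterable, Optional, Set

# Report header, e.g. "==1234==ERROR: AddressSanitizer: heap-buffer-overflow on address ..."
SAN_RE = re.compile(r"ERROR: (\w+Sanitizer): ([\w-]+)")
# Symbolized frame, e.g. "    #0 0x4011b6 in parse_header src/parser.c:42:12"
FRAME_RE = re.compile(r"^\s*#\d+ 0x[0-9a-f]+ in (\S+) (\S+?):(\d+)", re.M)

@dataclass
class Verdict:
    reproduced: bool               # sanitizer confirmed the reported bug class at the reported site
    kind: Optional[str]            # bug class the sanitizer named, if any
    crash_site: Optional[str]      # "file:line" of the innermost frame
    new_coverage: Set[str] = field(default_factory=set)  # lines first reached by this candidate

def classify_report(stderr: str):
    """Return (bug kind, 'file:line' of the top frame), or (None, None) if no sanitizer fired."""
    m = SAN_RE.search(stderr)
    if not m:
        return None, None
    frame = FRAME_RE.search(stderr, m.end())
    site = f"{frame.group(2)}:{frame.group(3)}" if frame else None
    return m.group(2), site

def judge(stderr: str, covered: Iterable[str], seen: Iterable[str],
          expected_kind: str, expected_site: str) -> Verdict:
    """stderr is what the sanitizer-instrumented target printed for one candidate input.
    Accept only a hit of the expected class whose site starts with expected_site (a file
    or file:line prefix); the coverage delta is kept either way to guide the next round."""
    kind, site = classify_report(stderr)
    ok = kind == expected_kind and site is not None and site.startswith(expected_site)
    return Verdict(ok, kind, site, set(covered) - set(seen))

# Constructed ASan-style output for the example; not a real report.
SAMPLE_REPORT = """\
==1234==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000000014
READ of size 4 at 0x602000000014 thread T0
    #0 0x4011b6 in parse_header src/parser.c:42:12
    #1 0x4012a0 in main src/main.c:17:5
"""

if __name__ == "__main__":
    print(judge(SAMPLE_REPORT, ["src/parser.c:40", "src/parser.c:42"], ["src/parser.c:40"],
                "heap-buffer-overflow", "src/parser.c:42"))
```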
The system represents a significant advancement in automated software security testing. By integrating program analysis techniques with modern LLM capabilities, PAGENT provides a scalable solution that reduces the manual effort required for vulnerability validation. This could transform how security teams handle bug reports, allowing them to quickly verify and prioritize vulnerabilities before they're exploited. The approach demonstrates how combining traditional software engineering techniques with AI can solve complex problems that neither approach could handle alone.
- PAGENT achieves 132% improvement over previous AI approaches for PoC generation
- Combines static analysis, LLM agents, and dynamic profiling in hybrid architecture
- Automates vulnerability validation that previously required expert manual intervention
Why It Matters
Dramatically reduces time and expertise needed to validate software vulnerabilities, improving security response times.