Firmhive: LLMs as Firmware Experts, a Runtime-Grown Tree-of-Agents Framework (arxiv.org)

Researchers have unveiled FIRMHIVE, an innovative framework that leverages Large Language Models (LLMs) as autonomous agents for firmware security analysis. Given the challenges posed by the binary nature of firmware and its complex dependencies, FIRMHIVE introduces a recursive agent hive system, significantly enhancing the capabilities of LLMs in automating code reasoning and vulnerability detection. The framework achieves this through two primary mechanisms: transforming agent delegation into a per-agent executable primitive and developing a runtime Tree of Agents for decentralized coordination. The results from evaluating FIRMHIVE on real-world firmware datasets are compelling. It demonstrates approximately 16 times more reasoning steps and inspects 2.3 times more files than previous LLM-agent baselines, generating 5.6 times more alerts per firmware instance. Moreover, compared to state-of-the-art security tools, FIRMHIVE identifies 1.5 times more vulnerabilities, recording a total of 1,802 with a precision of 71%. This advancement marks a significant leap in firmware analysis, providing the AI/ML community with a powerful tool that enhances both the efficiency and reliability of vulnerability detection in complex digital environments.