🤖 AI Summary
Researchers have announced the release of FuzzingBrain V2, a multi-agent system designed for automated vulnerability discovery and reproduction, which they describe as a significant advance in addressing the critical threat posed by software vulnerabilities. With almost 50,000 CVEs reported in 2025, integrating Large Language Models (LLMs) can improve detection, but previous methods suffered from high false-positive rates, poor localization granularity, and difficulty reasoning about complex vulnerabilities. FuzzingBrain V2 tackles these issues in four ways: it uses Google’s OSS-Fuzz for fully automated analysis; it introduces a new control-flow-based abstraction called Suspicious Point for precise vulnerability localization; it improves function coverage through dual-layer fuzzing; and it employs MCP-based static and dynamic analyses to better handle complex interdependencies.
In practical applications, FuzzingBrain V2 achieved a 90% detection rate on a competitive dataset and identified 29 zero-day vulnerabilities across 12 open-source projects, all confirmed and fixed by maintainers. This development has significant implications for the AI/ML community: it shows how advanced LLM techniques can produce tools that improve vulnerability discovery and promote safer software development practices, supporting the design of more resilient applications.