Code-Augur: Agentic Vulnerability Detection via Specification Inference
Researchers have developed Code-Augur, a new system designed to improve the reliability of AI agents in detecting software vulnerabilities. Code-Augur addresses the opacity of current agentic analysis by explicitly defining and refining security specifications. The system works by exposing an agent's assumptions as security specifications and then using a guided fuzzer to test these assumptions, either uncovering vulnerabilities or refining the specifications. This approach has demonstrated effectiveness in detecting more vulnerabilities than other state-of-the-art agents and has identified 22 new vulnerabilities in open-source projects, outperforming specialized models like Claude "Mythos" when using widely available LLMs such as Sonnet and DeepSeek. AI
IMPACT Enhances trust and effectiveness in AI-driven software security analysis, potentially accelerating vulnerability discovery.