BotBeat
...
← Back

> ▌

Research CommunityResearch Community
RESEARCHResearch Community2026-05-27

FuzzingBrain V2: Multi-Agent LLM System Discovers 29 Zero-Day Vulnerabilities with 90% Detection Rate

Key Takeaways

  • ▸FuzzingBrain V2 achieved 90% vulnerability detection rate in competition testing (36/40 vulnerabilities)
  • ▸Discovered and reproduced 29 zero-day vulnerabilities across 12 open-source projects in real-world deployment
  • ▸Introduced 'Suspicious Point' abstraction for optimal-granularity vulnerability localization, balancing context and precision
Source:
Hacker Newshttps://arxiv.org/abs/2605.21779↗

Summary

Researchers have unveiled FuzzingBrain V2, a sophisticated multi-agent LLM system designed to automate vulnerability discovery and reproduction in software code. The system addresses three critical challenges in LLM-based security analysis: high false-positive rates in vulnerability reports, suboptimal granularity for vulnerability localization, and difficulty reasoning about complex cross-function vulnerabilities.

The system introduces novel contributions including a control-flow-based abstraction called "Suspicious Point" for precise vulnerability localization, logic-driven hierarchical function analysis with dual-layer fuzzing, and MCP-based static and dynamic analysis tools. Built on Google's OSS-Fuzz to ensure all reported vulnerabilities are reproducible, FuzzingBrain V2 achieved a 90% detection rate (36 of 40 vulnerabilities) in the 2025 AIxCC Final Competition C/C++ dataset.

In real-world deployment, the system demonstrated remarkable impact by discovering 29 zero-day vulnerabilities across 12 open-source projects. All identified vulnerabilities were confirmed and fixed by project maintainers, with 2 assigned official CVE IDs. This represents a significant step forward in automated security analysis and the practical application of multi-agent AI systems to cybersecurity.

  • All discovered vulnerabilities confirmed and patched by maintainers; 2 assigned CVE IDs

Editorial Opinion

This research demonstrates the transformative potential of multi-agent LLM systems for cybersecurity. The ability to automatically discover, reproduce, and verify zero-day vulnerabilities at scale could fundamentally accelerate the security posture of open-source software that powers critical infrastructure. The key breakthrough—ensuring all AI-generated findings are fuzzer-reproducible—addresses a major credibility gap in prior LLM-based security work.

AI AgentsMachine LearningCybersecurity

More from Research Community

Research CommunityResearch Community
RESEARCH

PixelRAG: Researchers Demonstrate Web Screenshots Outperform Text for AI Retrieval Systems

2026-07-09
Research CommunityResearch Community
RESEARCH

AI Alignment Methods Unintentionally Building a Censor's Toolkit, ICML 2026 Paper Warns

2026-07-08
Research CommunityResearch Community
RESEARCH

Zombie Agents: Security Researchers Uncover Persistent Control Vulnerability in Self-Evolving LLM Agents

2026-07-07

Comments

Suggested

AnthropicAnthropic
UPDATE

Anthropic Removes Hidden Tracking Code from Claude Code After Transparency Controversy

2026-07-11
MenteDBMenteDB
PRODUCT LAUNCH

MenteDB Launches Open-Source AI Memory Engine for Persistent Agent Context

2026-07-11
AnthropicAnthropic
RESEARCH

Anthropic Unveils Hidden 'J-Space' Inside Claude Using New Mechanistic Interpretability Technique

2026-07-11
← Back to news
© 2026 BotBeat
AboutPrivacy PolicyTerms of ServiceContact Us