English

VulnAgent-X: A Layered Agentic Framework for Repository-Level Vulnerability Detection

Software Engineering 2026-03-17 v1 Artificial Intelligence

Abstract

Software vulnerability detection is critical in software en- gineering as security flaws arise from complex interactions across code structure, repository context, and runtime conditions. Existing meth- ods are limited by local code views, one-shot prediction, and insuffi- cient validation, reducing reliability in realistic repository-level settings. This study proposes VulnAgentX, a layered agentic framework integrat- ing lightweight risk screening, bounded context expansion, specialised analysis agents, selective dynamic verification, and evidence fusion into a unified pipeline. Experiments on function-level and just-in-time vul- nerability benchmarks show VulnAgent-X outperforms static baselines, encoder-based models, and simpler agentic variants, with better local- isation and balanced performance-cost trade-offs. Treating vulnerabil- ity detection as a staged, evidence-driven auditing process improves de- tection quality, reduces false positives, and produces interpretable re- sults for repository-level software security analysis. Code is available at https://github.com/xiaolu-666113/Vlun-Agent-X.

Keywords

Cite

@article{arxiv.2603.13384,
  title  = {VulnAgent-X: A Layered Agentic Framework for Repository-Level Vulnerability Detection},
  author = {Renwei Meng and Haoyi Wu and Jingming Wang and Haoyan Bai},
  journal= {arXiv preprint arXiv:2603.13384},
  year   = {2026}
}

Comments

12 pages, 4 figures

R2 v1 2026-07-01T11:19:07.674Z