0

Agentic Vulnerability Reasoning on COTS Binaries

LLM agents have been increasingly adopted for solving security tasks. However, existing evaluations usually require source code access, while commercial off-the-shelf (COTS) binaries dominate deployed software and require reasoning from stripped, optimized machine code.

Preview
Year
2026
Hosting
Full text hostedCC-BY-4.0

Cite

Notes

Only stored in your browser.

Attribution

Abstract & full text
arxiv.org/abs/2605.05000CC-BY-4.0
TL;DR
Semantic Scholar
Attribution policy →

Abstract

LLM agents have been increasingly adopted for solving security tasks. However, existing evaluations usually require source code access, while commercial off-the-shelf (COTS) binaries dominate deployed software and require reasoning from stripped, optimized machine code. This discrepancy raises an important question: can modern LLM agents reason about vulnerabilities in critical COTS binaries? Motivated by this question, we build SLYP, a REACT-style pipeline for end-to-end vulnerability discovery and validation of COTS binaries. SLYP combines extensible MCP servers for binary exploration and dynamic debugging, and validates candidate vulnerabilities by synthesizing debugger-verified proof-of-concept (PoC) crashes. We evaluate SLYP and production coding agents, including Claude Code and Codex, on COTS Windows binaries centered on a 20-object COM benchmark. SLYP uncovers all 64 vulnerable entry functions while default production agents miss up to 15; SLYP also surfaces more true vulnerabilities than the state-of-the-art static analyzer, which discovers at most 35 with a large number of false positives. For validation, SLYP generates debugger-verified PoCs for 67.5% of cases, while default production agents generate none. Further ablations show that tool sets and model choice materially affect COTS binary reasoning. Our additional evaluation also demonstrates the generalizability of SLYP on Windows kernel targets. To date, SLYP has uncovered 39 zero-day vulnerabilities, 31 in COM/RPC services and 8 in kernel drivers, all disclosed to the Microsoft Security Response Center (MSRC), with 23 assigned CVEs and $203,000 bounty awards.