Veritas: A Semantically Grounded Agentic Framework for Memory Corruption Vulnerability Detection in Binaries

· Source: cs.SE updates on arXiv.org · Field: Technology & Digital — Artificial Intelligence & Machine Learning, Cybersecurity & Data Privacy · Depth: Expert, extended

Summary

Veritas is a hybrid, semantically grounded agentic framework designed for detecting memory corruption vulnerabilities in stripped binaries. It integrates a static slicer, "defuse", which reconstructs interprocedural value-flow from RetDec-lifted LLVM IR, with a dual-view LLM detector, "discovery". The detector performs step-wise reasoning over statically grounded candidate flows using both RetDec-decompiled C and selectively instantiated LLVM IR. A multi-agent "validator" then confirms or rejects detector hypotheses by grounding them in debugger-visible artifacts and concrete runtime evidence. Evaluated on a curated benchmark, Veritas achieved 90% recall. An exhaustive validation of 623 candidate vulnerabilities produced no false positives. Furthermore, Veritas successfully discovered a previously unknown Apple vulnerability (0day), which was confirmed and assigned a CVE.

Key takeaway

For AI Security Engineers tasked with identifying memory corruption vulnerabilities in stripped binaries, traditional static analysis and ungrounded LLM approaches prove largely ineffective. You should prioritize tools that integrate semantic grounding, like Veritas, which achieved 90% recall and discovered a zero-day. This hybrid approach, combining static flow analysis with runtime validation, significantly reduces false positives and enhances detection reliability, making it crucial for high-stakes binary security assessments.

Key insights

Semantic grounding in static and runtime evidence is crucial for reliable binary vulnerability detection.

Principles

Method

A semantic-driven Slicer extracts witness-backed flows; a dual-view Detector reasons over these flows; a multi-agent Validator confirms hypotheses via targeted execution.

In practice

Topics

Code references

Best for: CTO, VP of Engineering/Data, Director of AI/ML, AI Security Engineer, AI Scientist, Research Scientist

Related on AIssential

Open in AIssential →

Editorial summary, takeaway, and curation by AIssential. Original article published by cs.SE updates on arXiv.org.