Paper Detail

Synthesizing Multi-Agent Harnesses for Vulnerability Discovery

Hanzhi Liu, Chaofan Shou, Xiaonan Liu, Hongbo Wen, Yanju Chen, Ryan Jingyang Fang, Yu Feng

Browse

Workflow Queues

arxiv Score 9.3

Published 2026-04-22 · First seen 2026-04-23

General AI

Open paper source

Abstract

LLM agents have begun to find real security vulnerabilities that human auditors and automated fuzzers missed for decades, in source-available targets where the analyst can build and instrument the code. In practice the work is split among several agents, wired together by a harness: the program that fixes which roles exist, how they pass information, which tools each may call, and how retries are coordinated. When the language model is held fixed, changing only the harness can still change success rates by several-fold on public agent benchmarks, yet most harnesses are written by hand; recent harness optimizers each search only a narrow slice of the design space and rely on coarse pass/fail feedback that gives no diagnostic signal about why a trial failed. AgentFlow addresses both limitations with a typed graph DSL whose search space jointly covers agent roles, prompts, tools, communication topology, and coordination protocol, paired with a feedback-driven outer loop that reads runtime signals from the target program itself to diagnose which part of the harness caused the failure and rewrite it accordingly. We evaluate AgentFlow on TerminalBench-2 with Claude Opus 4.6 and on Google Chrome with Kimi K2.5. AgentFlow reaches 84.3% on TerminalBench-2, the highest score in the public leaderboard snapshot we evaluate against, and discovers ten previously unknown zero-day vulnerabilities in Google Chrome, including two Critical sandbox-escape vulnerabilities (CVE-2026-5280 and CVE-2026-6297).

Workflow Status

Review status
pending
Role
unreviewed
Read priority
now
Vote
Not set.
Saved
no
Collections
Not filed yet.
Next action
Not filled yet.

Reading Brief

No structured notes yet. Add `summary_sections`, `why_relevant`, `claim_impact`, or `next_action` in `papers.jsonl` to enrich this view.

Why It Surfaced

No ranking explanation is available yet.

Tags

No tags.

Similar Papers

CORAL: Towards Autonomous Multi-Agent Evolution for Open-Ended Discovery 2026-04-02 · Score 14.0 General AI A Compound AI Agent for Conversational Grant Discovery 2026-05-04 · Score 11.4 Research Track B · General AI Phase-Scheduled Multi-Agent Systems for Token-Efficient Coordination 2026-04-19 · Score 14.3 Research Track B · General AI Natural-Language Agent Harnesses 2026-03-26 · Score 10.8 General AI Recursive Multi-Agent Systems 2026-04-28 · Score 16.8 General AI

BibTeX

@article{liu2026synthesizing,
  title = {Synthesizing Multi-Agent Harnesses for Vulnerability Discovery},
  author = {Hanzhi Liu and Chaofan Shou and Xiaonan Liu and Hongbo Wen and Yanju Chen and Ryan Jingyang Fang and Yu Feng},
  year = {2026},
  abstract = {LLM agents have begun to find real security vulnerabilities that human auditors and automated fuzzers missed for decades, in source-available targets where the analyst can build and instrument the code. In practice the work is split among several agents, wired together by a harness: the program that fixes which roles exist, how they pass information, which tools each may call, and how retries are coordinated. When the language model is held fixed, changing only the harness can still change succe},
  url = {https://arxiv.org/abs/2604.20801},
  keywords = {cs.CR},
  eprint = {2604.20801},
  archiveprefix = {arXiv},
}

Metadata

{}