{"id":"https://openalex.org/W4415250701","doi":"https://doi.org/10.1109/icmla66185.2025.00212","title":"SecureFixAgent: A Hybrid LLM Agent for Automated Python Static Vulnerability Repair","display_name":"SecureFixAgent: A Hybrid LLM Agent for Automated Python Static Vulnerability Repair","publication_year":2025,"publication_date":"2025-12-03","ids":{"openalex":"https://openalex.org/W4415250701","doi":"https://doi.org/10.1109/icmla66185.2025.00212"},"language":"en","primary_location":{"id":"doi:10.1109/icmla66185.2025.00212","is_oa":false,"landing_page_url":"https://doi.org/10.1109/icmla66185.2025.00212","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 International Conference on Machine Learning and Applications (ICMLA)","raw_type":"proceedings-article"},"type":"article","indexed_in":["arxiv","crossref","datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://arxiv.org/pdf/2509.16275","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5119896773","display_name":"Jugal Gajjar","orcid":null},"institutions":[{"id":"https://openalex.org/I193531525","display_name":"George Washington University","ror":"https://ror.org/00y4zzh67","country_code":"US","type":"education","lineage":["https://openalex.org/I193531525"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Jugal Gajjar","raw_affiliation_strings":["The George Washington University,Computer Science Department,Washington D.C,USA"],"affiliations":[{"raw_affiliation_string":"The George Washington University,Computer Science Department,Washington D.C,USA","institution_ids":["https://openalex.org/I193531525"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5119896774","display_name":"Kamalasankari Subramaniakuppusamy","orcid":null},"institutions":[{"id":"https://openalex.org/I193531525","display_name":"George Washington University","ror":"https://ror.org/00y4zzh67","country_code":"US","type":"education","lineage":["https://openalex.org/I193531525"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Kamalasankari Subramaniakuppusamy","raw_affiliation_strings":["The George Washington University,Computer Science Department,Washington D.C,USA"],"affiliations":[{"raw_affiliation_string":"The George Washington University,Computer Science Department,Washington D.C,USA","institution_ids":["https://openalex.org/I193531525"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5120024828","display_name":"Relsy Puthal","orcid":null},"institutions":[{"id":"https://openalex.org/I193531525","display_name":"George Washington University","ror":"https://ror.org/00y4zzh67","country_code":"US","type":"education","lineage":["https://openalex.org/I193531525"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Relsy Puthal","raw_affiliation_strings":["The George Washington University,Applied Economics Department,Washington D.C,USA"],"affiliations":[{"raw_affiliation_string":"The George Washington University,Applied Economics Department,Washington D.C,USA","institution_ids":["https://openalex.org/I193531525"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5119896437","display_name":"Kaustik Ranaware","orcid":null},"institutions":[{"id":"https://openalex.org/I193531525","display_name":"George Washington University","ror":"https://ror.org/00y4zzh67","country_code":"US","type":"education","lineage":["https://openalex.org/I193531525"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Kaustik Ranaware","raw_affiliation_strings":["The George Washington University,Computer Science Department,Washington D.C,USA"],"affiliations":[{"raw_affiliation_string":"The George Washington University,Computer Science Department,Washington D.C,USA","institution_ids":["https://openalex.org/I193531525"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5119896773"],"corresponding_institution_ids":["https://openalex.org/I193531525"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.15023985,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"1390","last_page":"1395"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T13650","display_name":"Computational Physics and Python Applications","score":0.9775000214576721,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T13650","display_name":"Computational Physics and Python Applications","score":0.9775000214576721,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11986","display_name":"Scientific Computing and Data Management","score":0.9265000224113464,"subfield":{"id":"https://openalex.org/subfields/1802","display_name":"Information Systems and Management"},"field":{"id":"https://openalex.org/fields/18","display_name":"Decision Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/false-positive-paradox","display_name":"False positive paradox","score":0.7696999907493591},{"id":"https://openalex.org/keywords/python","display_name":"Python (programming language)","score":0.6693000197410583},{"id":"https://openalex.org/keywords/cloud-computing","display_name":"Cloud computing","score":0.5042999982833862},{"id":"https://openalex.org/keywords/safer","display_name":"SAFER","score":0.44600000977516174},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.44110000133514404},{"id":"https://openalex.org/keywords/obfuscation","display_name":"Obfuscation","score":0.4388999938964844},{"id":"https://openalex.org/keywords/robustness","display_name":"Robustness (evolution)","score":0.43059998750686646},{"id":"https://openalex.org/keywords/software-portability","display_name":"Software portability","score":0.37599998712539673},{"id":"https://openalex.org/keywords/fuzz-testing","display_name":"Fuzz testing","score":0.37389999628067017}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7996000051498413},{"id":"https://openalex.org/C64869954","wikidata":"https://www.wikidata.org/wiki/Q1859747","display_name":"False positive paradox","level":2,"score":0.7696999907493591},{"id":"https://openalex.org/C519991488","wikidata":"https://www.wikidata.org/wiki/Q28865","display_name":"Python (programming language)","level":2,"score":0.6693000197410583},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.5042999982833862},{"id":"https://openalex.org/C2776654903","wikidata":"https://www.wikidata.org/wiki/Q2601463","display_name":"SAFER","level":2,"score":0.44600000977516174},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.44110000133514404},{"id":"https://openalex.org/C40305131","wikidata":"https://www.wikidata.org/wiki/Q2616305","display_name":"Obfuscation","level":2,"score":0.4388999938964844},{"id":"https://openalex.org/C63479239","wikidata":"https://www.wikidata.org/wiki/Q7353546","display_name":"Robustness (evolution)","level":3,"score":0.43059998750686646},{"id":"https://openalex.org/C63000827","wikidata":"https://www.wikidata.org/wiki/Q3080428","display_name":"Software portability","level":2,"score":0.37599998712539673},{"id":"https://openalex.org/C111065885","wikidata":"https://www.wikidata.org/wiki/Q1189053","display_name":"Fuzz testing","level":3,"score":0.37389999628067017},{"id":"https://openalex.org/C85847156","wikidata":"https://www.wikidata.org/wiki/Q59015987","display_name":"Verifiable secret sharing","level":3,"score":0.350600004196167},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.34850001335144043},{"id":"https://openalex.org/C97686452","wikidata":"https://www.wikidata.org/wiki/Q7604153","display_name":"Static analysis","level":2,"score":0.34139999747276306},{"id":"https://openalex.org/C15569618","wikidata":"https://www.wikidata.org/wiki/Q3561421","display_name":"Liveness","level":2,"score":0.32429999113082886},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.3140999972820282},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.31150001287460327},{"id":"https://openalex.org/C167063184","wikidata":"https://www.wikidata.org/wiki/Q1400839","display_name":"Vulnerability assessment","level":3,"score":0.30090001225471497},{"id":"https://openalex.org/C175291020","wikidata":"https://www.wikidata.org/wiki/Q1156822","display_name":"Offset (computer science)","level":2,"score":0.29190000891685486},{"id":"https://openalex.org/C62230096","wikidata":"https://www.wikidata.org/wiki/Q275969","display_name":"Crowdsourcing","level":2,"score":0.2858999967575073},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.28439998626708984},{"id":"https://openalex.org/C2779982483","wikidata":"https://www.wikidata.org/wiki/Q6094420","display_name":"Iterative refinement","level":2,"score":0.28200000524520874},{"id":"https://openalex.org/C107673813","wikidata":"https://www.wikidata.org/wiki/Q812534","display_name":"Bayesian probability","level":2,"score":0.28110000491142273},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.28029999136924744},{"id":"https://openalex.org/C168065819","wikidata":"https://www.wikidata.org/wiki/Q845566","display_name":"Debugging","level":2,"score":0.2773999869823456},{"id":"https://openalex.org/C175309249","wikidata":"https://www.wikidata.org/wiki/Q725864","display_name":"Pipeline transport","level":2,"score":0.27469998598098755},{"id":"https://openalex.org/C177212765","wikidata":"https://www.wikidata.org/wiki/Q627335","display_name":"Workflow","level":2,"score":0.2630000114440918},{"id":"https://openalex.org/C140547941","wikidata":"https://www.wikidata.org/wiki/Q7797194","display_name":"Threat model","level":2,"score":0.2556000053882599}],"mesh":[],"locations_count":3,"locations":[{"id":"doi:10.1109/icmla66185.2025.00212","is_oa":false,"landing_page_url":"https://doi.org/10.1109/icmla66185.2025.00212","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 International Conference on Machine Learning and Applications (ICMLA)","raw_type":"proceedings-article"},{"id":"pmh:oai:arXiv.org:2509.16275","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2509.16275","pdf_url":"https://arxiv.org/pdf/2509.16275","source":{"id":"https://openalex.org/S4393918464","display_name":"ArXiv.org","issn_l":"2331-8422","issn":["2331-8422"],"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},{"id":"doi:10.48550/arxiv.2509.16275","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2509.16275","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"pmh:oai:arXiv.org:2509.16275","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2509.16275","pdf_url":"https://arxiv.org/pdf/2509.16275","source":{"id":"https://openalex.org/S4393918464","display_name":"ArXiv.org","issn_l":"2331-8422","issn":["2331-8422"],"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"Modern":[0],"software":[1],"development":[2],"pipelines":[3],"face":[4],"growing":[5],"challenges":[6],"in":[7,38,65,177],"securing":[8],"large":[9],"codebases":[10],"with":[11,59,105,174],"extensive":[12],"dependencies.":[13],"Static":[14],"analysis":[15],"tools":[16],"like":[17],"Bandit":[18,58,97,108],"are":[19],"effective":[20],"at":[21],"vulnerability":[22,186],"detection":[23],"but":[24,43],"suffer":[25],"from":[26],"high":[27],"false":[28,126,140],"positives":[29,127,141],"and":[30,47,91,107,118,138,167],"lack":[31,48],"repair":[32,55],"capabilities.":[33],"Large":[34],"Language":[35],"Models":[36],"(LLMs),":[37],"contrast,":[39],"can":[40],"suggest":[41],"fixes":[42,104],"often":[44],"hallucinate":[45],"changes":[46],"self-validation.":[49],"We":[50],"present":[51],"SecureFixAgent,":[52],"a":[53,79,178],"hybrid":[54],"framework":[56],"integrating":[57],"lightweight":[60],"local":[61,180],"LLMs":[62],"(<8B":[63],"parameters)":[64],"an":[66],"iterative":[67],"detect\u2013repair\u2013validate":[68],"loop.":[69],"To":[70],"improve":[71],"precision,":[72],"we":[73],"apply":[74],"parameter-efficient":[75],"LoRA-based":[76],"fine-tuning":[77],"on":[78],"diverse,":[80],"curated":[81],"dataset":[82,89],"spanning":[83],"multiple":[84],"Python":[85],"project":[86],"domains,":[87],"mitigating":[88],"bias":[90],"reducing":[92],"unnecessary":[93],"edits.":[94],"SecureFixAgent":[95,124,182],"uses":[96],"for":[98,102,110,164,188],"detection,":[99],"the":[100],"LLM":[101],"candidate":[103],"explanations,":[106],"revalidation":[109],"verification,":[111],"all":[112],"executed":[113],"locally":[114],"to":[115,145],"preserve":[116],"privacy":[117],"reduce":[119],"cloud":[120],"reliance.":[121],"Experiments":[122],"show":[123],"reduces":[125],"by":[128,136,142],"10.8%":[129],"over":[130],"static":[131],"analysis,":[132],"improves":[133],"fix":[134],"accuracy":[135],"13.51%,":[137],"lowers":[139],"5.46%":[143],"compared":[144],"pre-trained":[146],"LLMs,":[147],"typically":[148],"converging":[149],"within":[150],"three":[151],"iterations.":[152],"Beyond":[153],"metrics,":[154],"developer":[155],"studies":[156],"rate":[157],"explanation":[158],"quality":[159],"4.5/5,":[160],"highlighting":[161],"its":[162],"value":[163],"human":[165],"trust":[166],"adoption.":[168],"By":[169],"combining":[170],"verifiable":[171],"security":[172],"improvements":[173],"transparent":[175],"rationale":[176],"resource-efficient":[179],"framework,":[181],"advances":[183],"trustworthy,":[184],"automated":[185],"remediation":[187],"modern":[189],"pipelines.":[190]},"counts_by_year":[],"updated_date":"2026-04-09T06:08:40.794217","created_date":"2025-10-16T00:00:00"}