{"id":"https://openalex.org/W7128040510","doi":"https://doi.org/10.48550/arxiv.2602.04165","title":"PoC-Gym: Towards More Reliable LLM-Assisted Proof-of-Concept Exploit Generation","display_name":"PoC-Gym: Towards More Reliable LLM-Assisted Proof-of-Concept Exploit Generation","publication_year":2026,"publication_date":"2026-02-04","ids":{"openalex":"https://openalex.org/W7128040510","doi":"https://doi.org/10.48550/arxiv.2602.04165"},"language":null,"primary_location":{"id":"pmh:doi:10.48550/arxiv.2602.04165","is_oa":true,"landing_page_url":null,"pdf_url":null,"source":{"id":"https://openalex.org/S4406922384","display_name":"Open MIND","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Article"},"type":"preprint","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":null,"any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5116142067","display_name":"Derin Gezgin","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Gezgin, Derin","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5125171199","display_name":"Amartya Das","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Das, Amartya","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5035144499","display_name":"Shinhae Kim","orcid":"https://orcid.org/0000-0001-7318-3993"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Kim, Shinhae","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5125143143","display_name":"Zhengdong Huang","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Huang, Zhengdong","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5114975830","display_name":"Nevena Stojkovi\u0107","orcid":"https://orcid.org/0009-0004-3553-4309"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Stojkovic, Nevena","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5125121694","display_name":"Claire Wang","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Wang, Claire","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":0,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.24529999494552612,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.24529999494552612,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.1387999951839447,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.13609999418258667,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.9258000254631042},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.7121000289916992},{"id":"https://openalex.org/keywords/static-analysis","display_name":"Static analysis","score":0.503000020980835},{"id":"https://openalex.org/keywords/java","display_name":"Java","score":0.4074999988079071},{"id":"https://openalex.org/keywords/vulnerability-assessment","display_name":"Vulnerability assessment","score":0.33059999346733093}],"concepts":[{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.9258000254631042},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7199000120162964},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.7121000289916992},{"id":"https://openalex.org/C97686452","wikidata":"https://www.wikidata.org/wiki/Q7604153","display_name":"Static analysis","level":2,"score":0.503000020980835},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.4636000096797943},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.429500013589859},{"id":"https://openalex.org/C548217200","wikidata":"https://www.wikidata.org/wiki/Q251","display_name":"Java","level":2,"score":0.4074999988079071},{"id":"https://openalex.org/C167063184","wikidata":"https://www.wikidata.org/wiki/Q1400839","display_name":"Vulnerability assessment","level":3,"score":0.33059999346733093},{"id":"https://openalex.org/C111065885","wikidata":"https://www.wikidata.org/wiki/Q1189053","display_name":"Fuzz testing","level":3,"score":0.29649999737739563},{"id":"https://openalex.org/C2776187449","wikidata":"https://www.wikidata.org/wiki/Q1513879","display_name":"Natural language generation","level":3,"score":0.2921999990940094},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.2741999924182892},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.27390000224113464},{"id":"https://openalex.org/C172776598","wikidata":"https://www.wikidata.org/wiki/Q7943570","display_name":"Vulnerability management","level":4,"score":0.26649999618530273},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.2651999890804291}],"mesh":[],"locations_count":2,"locations":[{"id":"pmh:doi:10.48550/arxiv.2602.04165","is_oa":true,"landing_page_url":null,"pdf_url":null,"source":{"id":"https://openalex.org/S4406922384","display_name":"Open MIND","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Article"},{"id":"doi:10.48550/arxiv.2602.04165","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2602.04165","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"Preprint"}],"best_oa_location":{"id":"pmh:doi:10.48550/arxiv.2602.04165","is_oa":true,"landing_page_url":null,"pdf_url":null,"source":{"id":"https://openalex.org/S4406922384","display_name":"Open MIND","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"Recently":[0],"Large":[1],"Language":[2],"Models":[3],"(LLMs)":[4],"have":[5,19],"been":[6,20],"used":[7],"in":[8,70],"security-related":[9],"tasks,":[10],"including":[11],"generating":[12],"proof-of-concept":[13],"(PoC)":[14],"exploits.":[15],"Several":[16],"LLM-assisted":[17],"approaches":[18,35],"proposed;":[21],"they":[22,51],"typically":[23],"generate":[24],"PoCs":[25,227],"from":[26],"vulnerability":[27,60],"descriptions":[28],"and":[29,93,101,104,126,150,228],"use":[30,52],"additional":[31],"guidance.":[32],"But,":[33,195],"such":[34,226],"are":[36],"often":[37],"ineffective":[38],"because":[39],"the":[40,59,118,128,131,157,164,168,173,197],"signals-such":[41],"as":[42],"printed":[43],"markers,":[44],"generated":[45],"files,":[46],"or":[47],"runtime":[48,148],"side":[49],"effects-that":[50],"for":[53,64,81,85,180,187,241],"validation":[54,149,155],"may":[55],"not":[56],"imply":[57],"that":[58,236],"is":[61,69,120,177],"triggered.":[62],"Research":[63],"more":[65,216],"reliable":[66,217],"PoC":[67,83,107,200,218],"generation":[68,84],"need":[71],"but":[72,207],"yet":[73],"remains":[74],"challenging.":[75],"We":[76,134,234],"propose":[77],"PoC-Gym,":[78],"a":[79,113,123],"pipeline":[80],"LLM-based":[82],"Java":[86,139],"security":[87],"vulnerabilities.":[88],"PoC-Gym":[89,136,175,202],"uses":[90],"both":[91],"static":[92,99],"dynamic":[94],"information,":[95],"e.g.,":[96],"CVE-tailored":[97],"prompts,":[98],"traces,":[100],"coverage-based":[102],"feedback,":[103],"iteratively":[105],"generates":[106,204],"candidates.":[108],"Each":[109],"candidate":[110],"goes":[111],"through":[112],"series":[114],"of":[115,130,163,199,225,232],"validations:":[116],"whether":[117],"execution":[119],"complete,":[121],"manifests":[122],"success":[124,186],"signal,":[125],"reaches":[127],"sink":[129],"target":[132],"trace.":[133],"evaluate":[135],"using":[137],"20":[138,165],"CVEs.":[140,166],"Across":[141],"338":[142],"runs,":[143],"116":[144],"candidates":[145,152],"pass":[146,153],"PoC-Gym's":[147],"65":[151],"post-hoc":[154,178],"against":[156],"ground-truth":[158],"vulnerable":[159],"locations,":[160],"covering":[161],"12":[162],"On":[167],"14-CVE":[169],"overlap":[170],"with":[171],"FaultLine,":[172],"strongest":[174],"configuration":[176],"valid":[179],"8":[181],"CVEs,":[182],"while":[183],"FaultLine":[184],"reports":[185],"5":[188],"CVEs":[189],"under":[190],"its":[191],"original":[192],"evaluation":[193],"criterion.":[194],"given":[196],"complexity":[198],"generation,":[201,219],"also":[203],"many":[205],"runtime-valid":[206],"post-hoc-invalid":[208],"PoCs.":[209],"To":[210],"better":[211],"understand":[212],"how":[213],"to":[214],"achieve":[215],"we":[220],"present":[221],"an":[222],"in-depth":[223],"analysis":[224],"identify":[229],"common":[230],"sources":[231],"failures.":[233],"believe":[235],"our":[237],"work":[238],"provides":[239],"insights":[240],"future":[242],"research.":[243]},"counts_by_year":[],"updated_date":"2026-07-01T06:00:48.157686","created_date":"2026-02-07T00:00:00"}
