{"id":"https://openalex.org/W7138432001","doi":"https://doi.org/10.48550/arxiv.2603.13384","title":"VulnAgent-X: A Layered Agentic Framework for Repository-Level Vulnerability Detection","display_name":"VulnAgent-X: A Layered Agentic Framework for Repository-Level Vulnerability Detection","publication_year":2026,"publication_date":"2026-03-11","ids":{"openalex":"https://openalex.org/W7138432001","doi":"https://doi.org/10.48550/arxiv.2603.13384"},"language":null,"primary_location":{"id":"doi:10.48550/arxiv.2603.13384","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2603.13384","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"type":"preprint","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://doi.org/10.48550/arxiv.2603.13384","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5129720118","display_name":"Renwei Meng","orcid":null},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Meng, Renwei","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5129701576","display_name":"Haoyi Wu","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Wu, Haoyi","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5089999939","display_name":"Jingming Wang","orcid":"https://orcid.org/0000-0003-1309-7211"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Wang, Jingming","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5129679373","display_name":"Haoyan Bai","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Bai, Haoyan","raw_affiliation_strings":[],"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5129720118"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.5920000076293945,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.5920000076293945,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.14159999787807465,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.10830000042915344,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/context","display_name":"Context (archaeology)","score":0.6154000163078308},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.5911999940872192},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.5580999851226807},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.534600019454956},{"id":"https://openalex.org/keywords/reliability","display_name":"Reliability (semiconductor)","score":0.5123999714851379},{"id":"https://openalex.org/keywords/process","display_name":"Process (computing)","score":0.4553999900817871},{"id":"https://openalex.org/keywords/audit","display_name":"Audit","score":0.4311000108718872},{"id":"https://openalex.org/keywords/static-analysis","display_name":"Static analysis","score":0.41179999709129333},{"id":"https://openalex.org/keywords/software-quality","display_name":"Software quality","score":0.39890000224113464}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7125999927520752},{"id":"https://openalex.org/C2779343474","wikidata":"https://www.wikidata.org/wiki/Q3109175","display_name":"Context (archaeology)","level":2,"score":0.6154000163078308},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.5911999940872192},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.5580999851226807},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.534600019454956},{"id":"https://openalex.org/C43214815","wikidata":"https://www.wikidata.org/wiki/Q7310987","display_name":"Reliability (semiconductor)","level":3,"score":0.5123999714851379},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.4553999900817871},{"id":"https://openalex.org/C199521495","wikidata":"https://www.wikidata.org/wiki/Q181487","display_name":"Audit","level":2,"score":0.4311000108718872},{"id":"https://openalex.org/C97686452","wikidata":"https://www.wikidata.org/wiki/Q7604153","display_name":"Static analysis","level":2,"score":0.41179999709129333},{"id":"https://openalex.org/C117447612","wikidata":"https://www.wikidata.org/wiki/Q1412670","display_name":"Software quality","level":4,"score":0.39890000224113464},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.38690000772476196},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.373199999332428},{"id":"https://openalex.org/C22680326","wikidata":"https://www.wikidata.org/wiki/Q7444867","display_name":"Secure coding","level":5,"score":0.36329999566078186},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.352400004863739},{"id":"https://openalex.org/C34388435","wikidata":"https://www.wikidata.org/wiki/Q2267362","display_name":"Bounded function","level":2,"score":0.33239999413490295},{"id":"https://openalex.org/C149091818","wikidata":"https://www.wikidata.org/wiki/Q2429814","display_name":"Software system","level":3,"score":0.31049999594688416},{"id":"https://openalex.org/C10272871","wikidata":"https://www.wikidata.org/wiki/Q929972","display_name":"Software inspection","level":5,"score":0.3084999918937683},{"id":"https://openalex.org/C137287247","wikidata":"https://www.wikidata.org/wiki/Q1329550","display_name":"Static program analysis","level":4,"score":0.30730000138282776},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.3061000108718872},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.2985000014305115},{"id":"https://openalex.org/C82214349","wikidata":"https://www.wikidata.org/wiki/Q657339","display_name":"Software metric","level":5,"score":0.29190000891685486},{"id":"https://openalex.org/C167063184","wikidata":"https://www.wikidata.org/wiki/Q1400839","display_name":"Vulnerability assessment","level":3,"score":0.29179999232292175},{"id":"https://openalex.org/C43126263","wikidata":"https://www.wikidata.org/wiki/Q128751","display_name":"Source code","level":2,"score":0.28619998693466187},{"id":"https://openalex.org/C120314980","wikidata":"https://www.wikidata.org/wiki/Q180634","display_name":"Distributed computing","level":1,"score":0.2842999994754791},{"id":"https://openalex.org/C168167062","wikidata":"https://www.wikidata.org/wiki/Q1117970","display_name":"Component (thermodynamics)","level":2,"score":0.27129998803138733},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.26759999990463257},{"id":"https://openalex.org/C33954974","wikidata":"https://www.wikidata.org/wiki/Q486494","display_name":"Sensor fusion","level":2,"score":0.25940001010894775},{"id":"https://openalex.org/C1009929","wikidata":"https://www.wikidata.org/wiki/Q179550","display_name":"Software bug","level":3,"score":0.25859999656677246},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.2506999969482422}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.48550/arxiv.2603.13384","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2603.13384","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"doi:10.48550/arxiv.2603.13384","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2603.13384","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16","score":0.6518540382385254}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"Software":[0],"vulnerability":[1],"detection":[2,104],"is":[3,129],"critical":[4],"in":[5,41],"software":[6,125],"en-":[7],"gineering":[8],"as":[9,105],"security":[10,126],"flaws":[11],"arise":[12],"from":[13],"complex":[14],"interactions":[15],"across":[16],"code":[17,31],"structure,":[18],"repository":[19],"context,":[20],"and":[21,35,67,77,89,97,118],"runtime":[22],"conditions.":[23],"Existing":[24],"meth-":[25],"ods":[26],"are":[27],"limited":[28],"by":[29],"local":[30],"views,":[32],"one-shot":[33],"prediction,":[34],"insuffi-":[36],"cient":[37],"validation,":[38],"reducing":[39],"reliability":[40],"realistic":[42],"repository-level":[43,124],"settings.":[44],"This":[45],"study":[46],"proposes":[47],"VulnAgentX,":[48],"a":[49,71,106],"layered":[50],"agentic":[51,91],"framework":[52],"integrat-":[53],"ing":[54],"lightweight":[55],"risk":[56],"screening,":[57],"bounded":[58],"context":[59],"expansion,":[60],"specialised":[61],"analysis":[62],"agents,":[63],"selective":[64],"dynamic":[65],"verification,":[66],"evidence":[68],"fusion":[69],"into":[70],"unified":[72],"pipeline.":[73],"Experiments":[74],"on":[75],"function-level":[76],"just-in-time":[78],"vul-":[79],"nerability":[80],"benchmarks":[81],"show":[82],"VulnAgent-X":[83],"outperforms":[84],"static":[85],"baselines,":[86],"encoder-based":[87],"models,":[88],"simpler":[90],"variants,":[92],"with":[93],"better":[94],"local-":[95],"isation":[96],"balanced":[98],"performance-cost":[99],"trade-offs.":[100],"Treating":[101],"vulnerabil-":[102],"ity":[103],"staged,":[107],"evidence-driven":[108],"auditing":[109],"process":[110],"improves":[111],"de-":[112],"tection":[113],"quality,":[114],"reduces":[115],"false":[116],"positives,":[117],"produces":[119],"interpretable":[120],"re-":[121],"sults":[122],"for":[123],"analysis.":[127],"Code":[128],"available":[130],"at":[131],"https://github.com/xiaolu-666113/Vlun-Agent-X.":[132]},"counts_by_year":[],"updated_date":"2026-03-18T06:31:55.123368","created_date":"2026-03-18T00:00:00"}