{"id":"https://openalex.org/W7143356606","doi":"https://doi.org/10.48550/arxiv.2603.25930","title":"AVDA: Autonomous Vibe Detection Authoring for Cybersecurity","display_name":"AVDA: Autonomous Vibe Detection Authoring for Cybersecurity","publication_year":2026,"publication_date":"2026-03-26","ids":{"openalex":"https://openalex.org/W7143356606","doi":"https://doi.org/10.48550/arxiv.2603.25930"},"language":null,"primary_location":{"id":"doi:10.48550/arxiv.2603.25930","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2603.25930","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Preprint"},"type":"preprint","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://doi.org/10.48550/arxiv.2603.25930","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5130931639","display_name":"Fatih Bulut","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Bulut, Fatih","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5130964763","display_name":"Carlo DePaolis","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"DePaolis, Carlo","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5055032130","display_name":"Raghav Batta","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Batta, Raghav","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5115024155","display_name":"Anjali Mangal","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Mangal, Anjali","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":0,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.13760000467300415,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.13760000467300415,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.12439999729394913,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.11129999905824661,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/workflow","display_name":"Workflow","score":0.7451000213623047},{"id":"https://openalex.org/keywords/executable","display_name":"Executable","score":0.5730000138282776},{"id":"https://openalex.org/keywords/context","display_name":"Context (archaeology)","score":0.49300000071525574},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.4180999994277954},{"id":"https://openalex.org/keywords/matching","display_name":"Matching (statistics)","score":0.39570000767707825},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.3937999904155731},{"id":"https://openalex.org/keywords/security-token","display_name":"Security token","score":0.3792000114917755},{"id":"https://openalex.org/keywords/symbolic-execution","display_name":"Symbolic execution","score":0.3456000089645386},{"id":"https://openalex.org/keywords/quality","display_name":"Quality (philosophy)","score":0.32249999046325684}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8095999956130981},{"id":"https://openalex.org/C177212765","wikidata":"https://www.wikidata.org/wiki/Q627335","display_name":"Workflow","level":2,"score":0.7451000213623047},{"id":"https://openalex.org/C160145156","wikidata":"https://www.wikidata.org/wiki/Q778586","display_name":"Executable","level":2,"score":0.5730000138282776},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.49810001254081726},{"id":"https://openalex.org/C2779343474","wikidata":"https://www.wikidata.org/wiki/Q3109175","display_name":"Context (archaeology)","level":2,"score":0.49300000071525574},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.4180999994277954},{"id":"https://openalex.org/C165064840","wikidata":"https://www.wikidata.org/wiki/Q1321061","display_name":"Matching (statistics)","level":2,"score":0.39570000767707825},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.3937999904155731},{"id":"https://openalex.org/C48145219","wikidata":"https://www.wikidata.org/wiki/Q1335365","display_name":"Security token","level":2,"score":0.3792000114917755},{"id":"https://openalex.org/C2779639559","wikidata":"https://www.wikidata.org/wiki/Q7661178","display_name":"Symbolic execution","level":3,"score":0.3456000089645386},{"id":"https://openalex.org/C2779530757","wikidata":"https://www.wikidata.org/wiki/Q1207505","display_name":"Quality (philosophy)","level":2,"score":0.32249999046325684},{"id":"https://openalex.org/C548217200","wikidata":"https://www.wikidata.org/wiki/Q251","display_name":"Java","level":2,"score":0.3107999861240387},{"id":"https://openalex.org/C183003079","wikidata":"https://www.wikidata.org/wiki/Q1000371","display_name":"Personalization","level":2,"score":0.30489999055862427},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.30379998683929443},{"id":"https://openalex.org/C43126263","wikidata":"https://www.wikidata.org/wiki/Q128751","display_name":"Source code","level":2,"score":0.28839999437332153},{"id":"https://openalex.org/C60048249","wikidata":"https://www.wikidata.org/wiki/Q37437","display_name":"Syntax","level":2,"score":0.28619998693466187},{"id":"https://openalex.org/C2778827112","wikidata":"https://www.wikidata.org/wiki/Q22245680","display_name":"Feature engineering","level":3,"score":0.28110000491142273},{"id":"https://openalex.org/C161615301","wikidata":"https://www.wikidata.org/wiki/Q309396","display_name":"Keystroke logging","level":2,"score":0.27900001406669617},{"id":"https://openalex.org/C178005623","wikidata":"https://www.wikidata.org/wiki/Q308859","display_name":"Anonymity","level":2,"score":0.27889999747276306},{"id":"https://openalex.org/C92446256","wikidata":"https://www.wikidata.org/wiki/Q3306762","display_name":"Data validation","level":2,"score":0.2766000032424927},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.27480000257492065},{"id":"https://openalex.org/C184356942","wikidata":"https://www.wikidata.org/wiki/Q830382","display_name":"Best practice","level":2,"score":0.274399995803833},{"id":"https://openalex.org/C2779038628","wikidata":"https://www.wikidata.org/wiki/Q7248497","display_name":"Programming by demonstration","level":3,"score":0.2727999985218048},{"id":"https://openalex.org/C199519371","wikidata":"https://www.wikidata.org/wiki/Q942695","display_name":"Source lines of code","level":3,"score":0.26179999113082886},{"id":"https://openalex.org/C2778476105","wikidata":"https://www.wikidata.org/wiki/Q628539","display_name":"Workload","level":2,"score":0.25769999623298645},{"id":"https://openalex.org/C2779696439","wikidata":"https://www.wikidata.org/wiki/Q7512811","display_name":"Signature (topology)","level":2,"score":0.25380000472068787},{"id":"https://openalex.org/C103278499","wikidata":"https://www.wikidata.org/wiki/Q254465","display_name":"Similarity (geometry)","level":3,"score":0.2531999945640564},{"id":"https://openalex.org/C51929080","wikidata":"https://www.wikidata.org/wiki/Q2425187","display_name":"Codebase","level":3,"score":0.2522999942302704}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.48550/arxiv.2603.25930","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2603.25930","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"Preprint"}],"best_oa_location":{"id":"doi:10.48550/arxiv.2603.25930","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2603.25930","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Preprint"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/10","score":0.6889711022377014,"display_name":"Reduced inequalities"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"With":[0],"the":[1,23,69],"rapid":[2],"advancement":[3],"of":[4,25,110,138],"AI":[5],"in":[6,126],"code":[7,41,93],"generation,":[8],"cybersecurity":[9],"detection":[10,76,198],"engineering":[11,199],"faces":[12],"new":[13],"opportunities":[14],"to":[15,74],"automate":[16,75],"traditionally":[17],"manual":[18],"processes.":[19],"Detection":[20],"authoring":[21,77,98],"-":[22,36,82,90,100,105],"practice":[24],"creating":[26],"executable":[27],"logic":[28],"that":[29,67,119],"identifies":[30],"malicious":[31],"activities":[32],"from":[33],"security":[34],"telemetry":[35,85],"is":[37],"hindered":[38],"by":[39,78],"fragmented":[40],"across":[42,106],"repositories,":[43],"duplication,":[44],"and":[45,57,87,103,113,153,176,206],"limited":[46],"organizational":[47,80],"visibility.":[48],"Current":[49],"workflows":[50,121,135],"remain":[51],"heavily":[52],"manual,":[53],"constraining":[54],"both":[55],"coverage":[56],"velocity.":[58],"In":[59],"this":[60],"paper,":[61],"we":[62],"introduce":[63],"AVDA,":[64],"a":[65,107,123,166,193],"framework":[66],"leverages":[68],"Model":[70],"Context":[71],"Protocol":[72],"(MCP)":[73],"integrating":[79,185],"context":[81],"existing":[83],"detections,":[84],"schemas,":[86],"style":[88],"guides":[89],"into":[91,187],"AI-assisted":[92,197],"generation.":[94],"We":[95],"evaluate":[96],"three":[97],"strategies":[99],"Baseline,":[101],"Sequential,":[102],"Agentic":[104,120,139],"diverse":[108],"corpus":[109],"production":[111],"detections":[112,147],"state-of-the-art":[114],"LLMs.":[115],"Our":[116],"results":[117],"show":[118],"achieve":[122],"19%":[124],"improvement":[125],"overall":[127],"similarity":[128],"score":[129],"over":[130],"Baseline":[131],"approaches,":[132],"while":[133],"Sequential":[134],"attain":[136],"87%":[137],"quality":[140],"at":[141,149],"40x":[142],"lower":[143],"token":[144],"cost.":[145],"Generated":[146],"excel":[148],"TTP":[150],"matching":[151],"(99.4%)":[152],"syntax":[154],"validity":[155],"(95.9%)":[156],"but":[157],"struggle":[158],"with":[159,200],"exclusion":[160],"parity":[161],"(8.9%).":[162],"Expert":[163],"validation":[164],"on":[165],"22-detection":[167],"subset":[168],"confirms":[169],"strong":[170],"Spearman":[171],"correlation":[172],"between":[173,203],"automated":[174],"metrics":[175],"practitioner":[177],"judgment":[178],"($\u03c1=":[179],"0.64$,":[180],"$p":[181],"&lt;":[182],"0.002$).":[183],"By":[184],"seamlessly":[186],"standard":[188],"developer":[189],"environments,":[190],"AVDA":[191],"provides":[192],"practical":[194],"path":[195],"toward":[196],"quantified":[201],"trade-offs":[202],"quality,":[204],"cost,":[205],"latency.":[207]},"counts_by_year":[],"updated_date":"2026-07-01T06:00:48.157686","created_date":"2026-03-31T00:00:00"}
