{"id":"https://openalex.org/W7155178294","doi":"https://doi.org/10.48550/arxiv.2604.19012","title":"Security Is Relative: Training-Free Vulnerability Detection via Multi-Agent Behavioral Contract Synthesis","display_name":"Security Is Relative: Training-Free Vulnerability Detection via Multi-Agent Behavioral Contract Synthesis","publication_year":2026,"publication_date":"2026-04-21","ids":{"openalex":"https://openalex.org/W7155178294","doi":"https://doi.org/10.48550/arxiv.2604.19012"},"language":null,"primary_location":{"id":"doi:10.48550/arxiv.2604.19012","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2604.19012","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"type":"preprint","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://doi.org/10.48550/arxiv.2604.19012","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5134255415","display_name":"Yongchao Wang","orcid":null},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Wang, Yongchao","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5134343550","display_name":"Zhiqiu Huang","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Huang, Zhiqiu","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5134255415"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.3303999900817871,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.3303999900817871,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.2639000117778778,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.11190000176429749,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/ambiguity","display_name":"Ambiguity","score":0.7376000285148621},{"id":"https://openalex.org/keywords/behavioral-modeling","display_name":"Behavioral modeling","score":0.5217000246047974},{"id":"https://openalex.org/keywords/property","display_name":"Property (philosophy)","score":0.48350000381469727},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.4284000098705292},{"id":"https://openalex.org/keywords/rendering","display_name":"Rendering (computer graphics)","score":0.41999998688697815},{"id":"https://openalex.org/keywords/equivalence","display_name":"Equivalence (formal languages)","score":0.37459999322891235}],"concepts":[{"id":"https://openalex.org/C2780522230","wikidata":"https://www.wikidata.org/wiki/Q1140419","display_name":"Ambiguity","level":2,"score":0.7376000285148621},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6955000162124634},{"id":"https://openalex.org/C78639753","wikidata":"https://www.wikidata.org/wiki/Q3318160","display_name":"Behavioral modeling","level":2,"score":0.5217000246047974},{"id":"https://openalex.org/C189950617","wikidata":"https://www.wikidata.org/wiki/Q937228","display_name":"Property (philosophy)","level":2,"score":0.48350000381469727},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.4284000098705292},{"id":"https://openalex.org/C205711294","wikidata":"https://www.wikidata.org/wiki/Q176953","display_name":"Rendering (computer graphics)","level":2,"score":0.41999998688697815},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.39640000462532043},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.3765000104904175},{"id":"https://openalex.org/C2780069185","wikidata":"https://www.wikidata.org/wiki/Q7977945","display_name":"Equivalence (formal languages)","level":2,"score":0.37459999322891235},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.36559998989105225},{"id":"https://openalex.org/C739882","wikidata":"https://www.wikidata.org/wiki/Q3560506","display_name":"Anomaly detection","level":2,"score":0.3553999960422516},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.30970001220703125},{"id":"https://openalex.org/C38369872","wikidata":"https://www.wikidata.org/wiki/Q7445009","display_name":"Security analysis","level":2,"score":0.3093000054359436},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.28360000252723694},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.2831999957561493},{"id":"https://openalex.org/C170130773","wikidata":"https://www.wikidata.org/wiki/Q216378","display_name":"Usability","level":2,"score":0.25609999895095825},{"id":"https://openalex.org/C2780801425","wikidata":"https://www.wikidata.org/wiki/Q5164392","display_name":"Construct (python library)","level":2,"score":0.2513999938964844}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.48550/arxiv.2604.19012","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2604.19012","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"doi:10.48550/arxiv.2604.19012","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2604.19012","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"Deep":[0],"learning":[1],"for":[2],"vulnerability":[3],"detection":[4,76],"has":[5],"shown":[6],"promising":[7],"results":[8],"on":[9,23,50],"early":[10],"benchmarks,":[11],"but":[12],"recent":[13],"evaluations":[14],"reveal":[15],"catastrophic":[16],"degradation:":[17],"models":[18,137],"achieving":[19],"F1":[20,117],"&gt;":[21],"0.68":[22],"legacy":[24],"datasets":[25],"collapse":[26],"to":[27,139,157],"0.031":[28],"under":[29],"strict":[30,109],"deduplication.":[31],"We":[32,59],"identify":[33,167],"the":[34,38,96,153],"root":[35],"cause":[36],"as":[37,152],"semantic":[39],"ambiguity":[40,69],"problem:":[41],"identical":[42],"code":[43,104,190],"can":[44],"be":[45],"secure":[46],"or":[47],"vulnerable":[48],"depending":[49],"project-specific":[51],"behavioral":[52,93,183],"contracts,":[53,184],"rendering":[54],"global":[55],"classification":[56],"fundamentally":[57],"inadequate.":[58],"propose":[60],"Phoenix,":[61],"a":[62,80,87,100,178],"training-free":[63],"multi-agent":[64],"framework":[65],"that":[66,175],"resolves":[67],"this":[68],"through":[70],"Behavioral":[71],"Contract":[72,101],"Synthesis.":[73],"Phoenix":[74,115],"decomposes":[75],"into":[77],"three":[78],"stages:":[79],"Semantic":[81],"Slicer":[82],"extracting":[83],"minimal":[84],"vulnerability-relevant":[85],"context,":[86],"Requirement":[88],"Reverse":[89],"Engineer":[90],"synthesizing":[91],"Gherkin":[92,150],"specifications":[94,107,151],"encoding":[95],"security":[97,169,176],"contract,":[98],"and":[99,120,129],"Judge":[102],"evaluating":[103],"against":[105,182],"these":[106],"via":[108],"compliance":[110],"checking.":[111],"On":[112],"PrimeVul":[113],"Paired,":[114],"achieves":[116],"=":[118,122,127,132],"0.825":[119],"Pair-Correct":[121],"64.4%,":[123],"surpassing":[124],"RASM-Vul":[125],"(F1":[126,131],"0.668)":[128],"VulTrial":[130],"0.563)":[133],"while":[134],"using":[135],"open-source":[136],"up":[138],"48x":[140],"smaller":[141],"(7-14B":[142],"vs.":[143],"671B).":[144],"Ablation":[145],"across":[146],"25":[147],"configurations":[148],"demonstrates":[149],"decisive":[154],"driver":[155],"(+0.09":[156],"+0.35":[158],"F1).":[159],"Error":[160],"analysis":[161],"reveals":[162],"18%":[163],"of":[164,189],"\"False":[165],"Positives\"":[166],"genuine":[168],"concerns":[170],"in":[171],"patched":[172],"code,":[173],"demonstrating":[174],"is":[177],"relative":[179],"property":[180,188],"defined":[181],"not":[185],"an":[186],"absolute":[187],"syntax.":[191]},"counts_by_year":[],"updated_date":"2026-04-23T06:20:18.424754","created_date":"2026-04-23T00:00:00"}