Agentic AI Framework for Web Vulnerability Detection, Mitigation and Patching
Hämtar...
Ladda ner
Publicerad
Författare
Typ
Examensarbete för masterexamen
Master's Thesis
Master's Thesis
Modellbyggare
Tidskriftstitel
ISSN
Volymtitel
Utgivare
Sammanfattning
Modern web applications expose increasingly complex attack surfaces, and existing
security automation is still most effective at producing candidate findings rather
than reviewable repairs. Static and dynamic analysis tools can identify possible
weaknesses at scale, but the path from a finding to a validated, scoped, and review
ready patch remains weakly automated and difficult to inspect. This thesis investigates whether a multi-stage agentic AI workflow can improve web vulnerability
detection, mitigation, and patch delivery in white-box repository settings.
To examine this question, the proposed framework decomposes security review into
stages for discovery, triage, analysis, mitigation, verification, and delivery. Each
stage produces structured artifacts that are consumed by later stages, making the
workflow more inspectable than a single end-to-end repair agent. The design emphasizes repository-grounded evidence, explicit repair hypotheses, independent verification, and reviewer-oriented delivery units.
The evaluation combines issue-level repair experiments with repository case studies. On the PatchEval runtime-validated subset of 230 vulnerability-repair tasks,
the multi-stage workflow achieves 78 successful repairs, compared with 73 for a
matched single-agent baseline under the same model. This improvement is modest
and requires higher token use and cost, but case-level analysis suggests that staging
can influence repair strategy by clarifying vulnerability boundaries and providing
independent feedback on patch completeness. In repository case studies, agentic
discovery and triage cover more answer-key vulnerabilities than CodeQL, Semgrep,
and OWASP ZAP, especially for issues that require cross-file or design-level reasoning. The workflow also improves reviewability by organizing patches and reports
into structured delivery units.
Overall, the results indicate that the main value of multi-stage orchestration is not
a large increase in repair success, but a more inspectable and controllable security
review process. The workflow records repository evidence, analysis assumptions,
verification results, and delivery boundaries, helping reviewers understand why a
vulnerability was found, how it was analyzed, whether the patch addresses the issue,
and how the repair should be reviewed. These benefits remain constrained by model
capability and cost.
Beskrivning
Ämne/nyckelord
Attack Mitigation, Vulnerability Detection, Code Analysis, Cybersecu rity, Artificial Intelligence
