Agentic AI Framework for Web Vulnerability Detection, Mitigation and Patching

dc.contributor.authorGisselblad Seibt , Hanna
dc.contributor.authorShasawar, Pawan
dc.contributor.departmentChalmers tekniska högskola / Institutionen för data och informationstekniksv
dc.contributor.departmentChalmers University of Technology / Department of Computer Science and Engineeringen
dc.contributor.examinerDahlstedt, Palle
dc.contributor.supervisorEriksson, Thommy
dc.date.accessioned2026-07-08T13:17:11Z
dc.date.issued2026
dc.date.submitted
dc.description.abstractModern web applications expose increasingly complex attack surfaces, and existing security automation is still most effective at producing candidate findings rather than reviewable repairs. Static and dynamic analysis tools can identify possible weaknesses at scale, but the path from a finding to a validated, scoped, and review ready patch remains weakly automated and difficult to inspect. This thesis investigates whether a multi-stage agentic AI workflow can improve web vulnerability detection, mitigation, and patch delivery in white-box repository settings. To examine this question, the proposed framework decomposes security review into stages for discovery, triage, analysis, mitigation, verification, and delivery. Each stage produces structured artifacts that are consumed by later stages, making the workflow more inspectable than a single end-to-end repair agent. The design emphasizes repository-grounded evidence, explicit repair hypotheses, independent verification, and reviewer-oriented delivery units. The evaluation combines issue-level repair experiments with repository case studies. On the PatchEval runtime-validated subset of 230 vulnerability-repair tasks, the multi-stage workflow achieves 78 successful repairs, compared with 73 for a matched single-agent baseline under the same model. This improvement is modest and requires higher token use and cost, but case-level analysis suggests that staging can influence repair strategy by clarifying vulnerability boundaries and providing independent feedback on patch completeness. In repository case studies, agentic discovery and triage cover more answer-key vulnerabilities than CodeQL, Semgrep, and OWASP ZAP, especially for issues that require cross-file or design-level reasoning. The workflow also improves reviewability by organizing patches and reports into structured delivery units. Overall, the results indicate that the main value of multi-stage orchestration is not a large increase in repair success, but a more inspectable and controllable security review process. The workflow records repository evidence, analysis assumptions, verification results, and delivery boundaries, helping reviewers understand why a vulnerability was found, how it was analyzed, whether the patch addresses the issue, and how the repair should be reviewed. These benefits remain constrained by model capability and cost.
dc.identifier.coursecodeDATX05
dc.identifier.urihttps://hdl.handle.net/20.500.12380/311952
dc.language.isoeng
dc.setspec.uppsokTechnology
dc.subjectAttack Mitigation, Vulnerability Detection, Code Analysis, Cybersecu rity, Artificial Intelligence
dc.titleAgentic AI Framework for Web Vulnerability Detection, Mitigation and Patching
dc.type.degreeExamensarbete för masterexamensv
dc.type.degreeMaster's Thesisen
dc.type.uppsokH
local.programmeInteraction design and technologies (MPIDE), MSc

Ladda ner

Original bundle

Visar 1 - 1 av 1
Hämtar...
Bild (thumbnail)
Namn:
CSE 26-97 HGS PS.pdf
Size:
7.91 MB
Format:
Adobe Portable Document Format

License bundle

Visar 1 - 1 av 1
Hämtar...
Bild (thumbnail)
Namn:
license.txt
Size:
2.35 KB
Format:
Item-specific license agreed upon to submission
Description: