← Back to brief
ResearchOfficialPreprintarXiv Cryptography and Security

AutoTrace: Agentic Pipeline Localizes Vulnerability Triggers Beyond Patched Functions

Jul 15, 2026

AutoTrace is an agentic pipeline that uses LLM agents to explore code property graphs and localize vulnerability triggers, even when they are located outside patched functions. On the InterPVD benchmark, AutoTrace achieves 75.0% VulnHit and 80.8% FuncHit, surpassing previous methods. The authors also introduce SinkTrace-Bench, a dataset of 1,542 source-to-sink causal chains, which reveals that current frontier LLMs struggle with causal reasoning in vulnerability analysis.

Why it matters: This work advances automated vulnerability analysis by enabling interprocedural trigger localization and provides a new benchmark that highlights the causal reasoning limitations of current LLMs.

Full story at: arXiv Cryptography and Security

More coverage