Argus: Multi-Agent Collaboration Reconstructs Static Analysis Workflow for Full-Chain Security Vulnerability Detection

Argus is a multi-agent framework designed for vulnerability detection, which reconstructs the static analysis process through supply chain analysis, collaborative multi-agent workflows, and advanced technologies like RAG and ReAct. It transforms traditional LLM-assisted SAST into an LLM-centric new paradigm, effectively detecting real vulnerabilities while significantly reducing false positive rates and operational costs.

Traditional SAST tools rely on symbolic execution and predefined rules, struggling with complex context-related security issues, cross-file context handling, and high rule maintenance costs. LLMs bring potential with context reasoning but face hallucinations, context window limits, insufficient reasoning depth, and high costs when directly applied to vulnerability detection.

Argus's design is based on three key insights: vulnerability detection requires multi-dimensional info integration, RAG extends LLM knowledge, and multi-agent collaboration decomposes complex tasks. Its workflow involves specialized agents: code understanding (parses code structure), data flow tracking (traces tainted data paths), vulnerability pattern recognition (uses RAG for knowledge retrieval), reasoning verification (uses ReAct for deep validation), and report generation (produces human-readable reports). These agents collaborate via message passing.

Argus integrates key technologies: 1. Supply chain analysis (builds dependency graphs, scans known vulnerabilities, analyzes API patterns, version differences). 2. RAG and ReAct fusion (retrieves relevant security knowledge to reduce hallucinations; uses ReAct for iterative reasoning and tool calls). 3. Code representation and indexing (AST, symbol, code embedding, call graph indexes). 4. Agent communication protocol (structured messages and collaboration modes).5. Incremental analysis and caching (reduces repeated analysis costs for large codebases).

Argus outperforms existing methods: 1. Detection ability: Identifies more real vulnerabilities, including zero-day ones with CVE numbers.2. False positive rate: Significantly reduced via RAG and multi-agent validation.3. Operational cost: Lower than simple LLM-based methods due to task decomposition and caching.

Argus supports integration with existing toolchains (CI/CD pipelines, code review tools, IDEs via SARIF format). It provides interpretability (detailed reasoning paths, knowledge sources) for audit. For privacy and compliance, it supports local deployment, data desensitization, and access control.

Argus has limitations: limited support for niche languages, challenges with complex vulnerabilities (concurrency, configuration errors), potential adversarial samples, and need for continuous learning. Future directions include expanding language support, improving detection of complex vulnerabilities, enhancing robustness against adversarial attacks, and enabling continuous knowledge updates.

Argus represents an important paradigm shift in SAST by making LLMs the core engine, combining multi-agent collaboration and retrieval-augmented technologies. It enables more efficient and accurate full-chain vulnerability detection, paving the way for AI applications in software security. As software systems grow complex, such intelligent tools will play a crucial role in protecting digital infrastructure.