Research Panorama of Large Language Models in Software Vulnerability Detection: Technical Evolution from Function-Level Analysis to Agent-Based Automation

Based on the GitHub open-source project "Awesome-LLMs-for-Vulnerability-Detection", this article systematically reviews the latest advances in LLM-driven software vulnerability detection technologies, covering four major directions: function-level, repository-level, agent-driven, and smart contract detection. It analyzes key technologies such as retrieval augmentation, multi-agent collaboration, and reinforcement learning, and discusses the challenges and future trends in this field.

Software vulnerability detection is a core challenge in cybersecurity. Traditional static analysis and dynamic testing struggle to handle complex codebases. In recent years, LLMs have redefined the boundaries of vulnerability detection, evolving from code completion to deep semantic understanding. The GitHub project "Awesome-LLMs-for-Vulnerability-Detection" compiles dozens of important papers from 2024 to 2026, providing a comprehensive index for research.

1. Function-level Detection: Using pre-trained models like CodeBERT to analyze individual functions. Representative works include VFFinder, CLeVeR, MVulD. Advantages: high efficiency and easy integration; limitation: lack of cross-function context understanding.
2. Repository-level Detection: Breaks through function-level limitations to understand project-level context. Key advances include JitVul benchmark, LLMxCPG (CPG-guided), VulnLLM-R (inference-type LLM).
3. Agent-driven Detection: Multi-agent collaboration for active exploration of code execution testing. Representatives: AgentFlow, VulnGym, AgenticSCR, MulVul.
4. Smart Contract Specialized Detection: For blockchain contracts. Representatives: MOS (MoE fine-tuning), GPTScan, LAMD (cross-platform extension).

• Retrieval-Augmented Generation (RAG): MulVul improves detection accuracy by dynamically retrieving code knowledge bases through cross-model prompt evolution.
• Reinforcement Learning and Reasoning Distillation: R2Vul introduces reinforcement learning to train models to understand the root causes of vulnerabilities, aiding zero-day vulnerability discovery.
• Neural-Symbolic Hybrid Approach: QRS combines static analysis rules with neural networks, balancing interpretability and generalization.
• Multimodal Fusion: CLeVeR and MVulD integrate multimodal information such as code text and control flow graphs to enhance comprehensive code understanding.

• Limitations of Existing Benchmarks: The Mono project points out that some datasets have "unsolvable patch" issues, leading to inflated evaluation results.
• Multi-Perspective Evaluation Framework: SecLens evaluates LLM capabilities from five perspectives, including security researchers and developers.
• Real-World Benchmarks: CVE-Bench (fixes real CVEs), SecVulEval (C/C++ vulnerability detection), VulnGym (project-level practical environment).

Challenges: High false positive rate (from the Sifting the Noise study), semantic traps (models learn surface patterns instead of root causes), practicality gaps in IDE integration. Future Trends: Multi-agent collaboration, continuous learning adaptive systems, causal reasoning, cross-language generalized models.

LLMs have reshaped the landscape of vulnerability detection technologies, but there is a gap between technical hype and actual deployment. LLMs are not a one-size-fits-all tool, but they can significantly improve efficiency in scenarios such as auxiliary auditing, suspicious code screening, and developer education. As technologies like multimodal fusion mature, we look forward to an era of more intelligent and reliable automated detection.