PoC-Adapt: Semantic-Aware Automated Vulnerability Reproduction with LLM Multi-Agents and Reinforcement Learning-Driven Adaptive Policy

📅 2026-04-07
🤖 AI Summary
Current large language model–driven approaches to automatic exploit generation are hindered by unreliable surface-level execution validation and high trial-and-error costs. This work proposes an end-to-end framework that introduces a semantic oracle mechanism to accurately discern genuine vulnerability behaviors. By integrating a multi-agent architecture (comprising root cause analysis, environment construction, exploit generation, and semantic verification) with a reinforcement learning–driven adaptive strategy, the framework substantially reduces ineffective exploration. Experimental results demonstrate a 25% improvement in validation reliability on the CWE-Bench-Java and PrimeVul benchmarks; the framework lowers the cost of generating a single proof-of-concept (PoC) to $0.42 and successfully reproduces 12 real-world CVE vulnerabilities within 80 attempts.
📝 Abstract
While recent approaches leverage large language models (LLMs) and multi-agent pipelines to automatically generate proof-of-concept (PoC) exploits from vulnerability reports, existing systems often suffer from two fundamental limitations: unreliable validation based on surface-level execution signals and high operational cost caused by extensive trial-and-error during exploit generation. In this paper, we present PoC-Adapt, an end-to-end framework for automated PoC generation and verification, architected upon a foundation of semantic runtime validation and adaptive policy learning. At the core of PoC-Adapt is a Semantic Oracle that validates exploits by comparing structured pre- and post-execution system states, enabling reliable distinction between true vulnerability exploitation and incidental behavioral changes. To reduce exploration cost, we further introduce an Adaptive Policy Learning mechanism that learns an exploitation policy over semantic states and actions, guiding the exploit agent toward effective strategies with fewer failed attempts. PoC-Adapt is implemented as a multi-agent system comprising specialized agents for root cause analysis, environment building, exploit generation, and semantic validation, coordinated through structured feedback loops. Experiments on the CWE-Bench-Java and PrimeVul benchmarks show that PoC-Adapt significantly improves verification reliability by 25% and reduces exploit generation cost compared to prior LLM-based systems, highlighting the importance of semantic validation and learned action policies in automated vulnerability reproduction. Applied to the latest CVE corpus, PoC-Adapt confirmed 12 verified PoCs out of 80 reproduction attempts at a cost of $0.42 per generated exploit.
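To illustrate the abstract's contrast between surface-level execution signals and a Semantic Oracle, the following Python example (added here, not code from the paper or its authors) compares structured pre- and post-execution snapshots. The snapshot fields, the noise filter, and the expected-effect rule are assumptions, and the sample states are constructed.

```python
# Added illustration, not PoC-Adapt's code. The snapshot schema, noise filter
# and expected-effect rule are assumptions; all sample data is constructed.
from dataclasses import dataclass

@dataclass(frozen=True)
class Snapshot:
    files: dict            # path -> content hash
    processes: frozenset   # command lines of running processes
    exit_code: int = 0     # surface-level signal, kept only for comparison

NOISE_PREFIXES = ("/tmp/", "/var/log/")  # assumed incidental-change locations

def relevant(path: str) -> bool:
    """True when a path is outside the assumed incidental-change locations."""
    return not path.startswith(NOISE_PREFIXES)

def state_delta(pre: Snapshot, post: Snapshot) -> dict:
    """Structured pre/post difference with incidental changes filtered out."""
    return {
        "created": {p for p in post.files.keys() - pre.files.keys() if relevant(p)},
        "modified": {p for p in pre.files.keys() & post.files.keys()
                     if pre.files[p] != post.files[p] and relevant(p)},
        "spawned": set(post.processes - pre.processes),
    }

def surface_verdict(post: Snapshot) -> bool:
    """Surface-level check: treat any error exit as a successful reproduction."""
    return post.exit_code != 0

def semantic_verdict(pre: Snapshot, post: Snapshot, expected_write: str) -> bool:
    """Semantic check: the delta must contain the effect the root cause predicts
    (here, a write to a path the application should never touch)."""
    delta = state_delta(pre, post)
    return expected_write in delta["created"] | delta["modified"]

# Constructed snapshots of a hypothetical test container.
PROCS = frozenset({"java -jar app.jar"})
PRE = Snapshot({"/app/config.yml": "h1", "/var/log/app.log": "h2"}, PROCS)
# Run A: the service errored and logged, but nothing security-relevant changed.
POST_A = Snapshot({"/app/config.yml": "h1", "/var/log/app.log": "h9",
                   "/tmp/upload123": "h3"}, PROCS, 1)
# Run B: clean exit, yet a file appeared outside the upload directory.
POST_B = Snapshot({"/app/config.yml": "h1", "/var/log/app.log": "h2",
                   "/app/webroot/marker.txt": "h4"}, PROCS, 0)
TARGET = "/app/webroot/marker.txt"  # constructed expected effect

if __name__ == "__main__":
    for name, post in (("A", POST_A), ("B", POST_B)):
        print(name, "surface:", surface_verdict(post),
              "semantic:", semantic_verdict(PRE, post, TARGET))
```

Run A is a false positive for the exit-code check and run B a false negative; the state comparison classifies both correctly.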
Problem

Research questions and friction points this paper is trying to address.

automated vulnerability reproduction
proof-of-concept generation
semantic validation
exploit reliability
operational cost
Innovation

Methods, ideas, or system contributions that make the work stand out.

Semantic Oracle
Adaptive Policy Learning
Multi-Agent LLM System
Automated Vulnerability Reproduction
Proof-of-Concept Generation
Phan The Duy
University of Information Technology, VNU-HCM, Ho Chi Minh city
Cybersecurity, blockchain, machine learning, software security, malware detection
Nguyen Viet Duy
Information Security Lab, University of Information Technology, Ho Chi Minh City, Vietnam; Vietnam National University, Ho Chi Minh City, Vietnam
Khoa Ngo-Khanh
Information Security Lab, University of Information Technology, Ho Chi Minh City, Vietnam; Vietnam National University, Ho Chi Minh City, Vietnam
Nguyen Huu Quyen
Information Security Lab, University of Information Technology, Ho Chi Minh City, Vietnam; Vietnam National University, Ho Chi Minh City, Vietnam
Van-Hau Pham
Lecturer of Information Security, University of Information Technology - VNU
Network & application security, AI for security, security of AI, blockchain, cloud computing