Antaeus: Hunting Repository-Level Logic Vulnerabilities via Context-Grounded LLM Reasoning

📅 2026-07-01
📈 Citations: 0
Influential: 0
📄 PDF
🤖 AI Summary
Logical vulnerability detection remains challenging due to its reliance on application-specific security invariants and behavioral assumptions, which current large language model (LLM)-based approaches fail to capture owing to their limited understanding of repository-level context. This work proposes Antaeus, a novel framework that, for the first time, integrates repository-wide functional semantics, security-relevant resources, and trust boundary information into LLM-based reasoning. Antaeus employs lightweight security signals to prioritize functions, combines local code with global context to infer security conditions, and introduces a contrastive validation mechanism to distinguish genuine vulnerabilities from project-specific conventions. Evaluated on 28 repositories containing known logical vulnerabilities, Antaeus successfully identifies and explains 15 of them, substantially outperforming existing function-level and agent-based baselines while achieving higher accuracy and traceability at comparable computational cost.
📝 Abstract
LLM-based vulnerability detectors have shown promising results in identifying memory-safety bugs and vulnerability classes whose violations can often be expressed through established security properties. Logic vulnerabilities, however, pose a different challenge, as their identification requires inferring application-specific security invariants and implicit assumptions about intended behavior. Even frontier agentic models struggle because these invariants are often implicit and buried among unrelated code. Motivated by this gap, we present Antaeus, a framework for detecting logic vulnerabilities that grounds LLM reasoning in repository-level code context. Antaeus follows a repository-scale pipeline combining function prioritization, context-grounded reasoning, comparative validation, and structured reporting. It ranks functions using lightweight repo-wide security signals, directing costly LLM analysis toward relevant code and reducing calls, cost, and triage effort. For each prioritized function, Antaeus combines local code context with a repository-level view of the application's functionality, security resources, and trust boundaries. This enables reasoning about how the function is executed within the broader application rather than as an isolated snippet. Antaeus identifies security-sensitive sinks, derives safety conditions for safe execution, and checks whether they are locally satisfied. Candidate findings undergo comparative validation, pruning concerns that reflect project-wide norms rather than distinctive violations. Finally, Antaeus reports sinks, violated safety conditions, and evidence, making findings actionable and traceable. We evaluate Antaeus on 28 repositories with confirmed logic vulnerabilities and compare it against function-level and agentic models. Antaeus detects and explains 15 vulnerabilities, outperforming baselines with comparable token usage and cost.
Problem

Research questions and friction points this paper is trying to address.

logic vulnerabilities
security invariants
repository-level context
LLM reasoning
implicit assumptions
Innovation

Methods, ideas, or system contributions that make the work stand out.

logic vulnerabilities
repository-level context
LLM reasoning
comparative validation
security invariants
🔎 Similar Papers