🤖 AI Summary
Software threat intelligence is often scattered across informal channels—including blogs, social media, developer forums, open-source repositories, and underground communities—leading to delayed situational awareness, fragmented information, and challenges in verification. To address these issues, this paper proposes a self-evolving multi-agent collaborative framework. The framework integrates distributed collection, NLP-driven parsing of unstructured text, knowledge graph mapping, multi-source reasoning, and dynamic validation, enabling agents to share contextual knowledge and iteratively refine security insights. Unlike static analysis systems, it autonomously adapts to emerging threat patterns, significantly improving threat coverage, semantic understanding accuracy, and timeliness. Experimental results demonstrate superior cross-source threat aggregation efficiency and risk detection rates compared to state-of-the-art approaches, thereby enhancing software security situational awareness and scalable incident response capabilities.
📝 Abstract
In recent years, the landscape of software threats has become significantly more dynamic and distributed. Security vulnerabilities are no longer discovered and shared only through formal channels such as public vulnerability databases or vendor advisories. Increasingly, critical threat information emerges informally through blogs, social media, developer forums, open source repositories, and even underground communities. Capturing such intelligence in a timely manner is essential for maintaining situational awareness and enabling prompt security responses. However, this remains a complex challenge due to the fragmented nature of data sources and the technical difficulty of collecting, parsing, mapping, and validating information at scale. To address this, we propose Evolaris, a self-evolving software intelligence system built on a multi-agent framework. Evolaris is designed to support a full-stack workflow, where agents operate independently but coordinate through shared context to perform tasks such as information discovery, reasoning, gap completion, validation, and risk detection. This architecture enables the platform to learn from new inputs, refine its internal knowledge, and adapt to emerging threat patterns over time, which could continuously improve the precision, timeliness, and scalability of software threat analysis. It offers a sustainable foundation for proactive security decision-making and strengthens the broader ecosystem of security threat understanding.