An automated pipeline of AI agents discovered 118 real-world security holes and 203 zero-day vulnerabilities in a single run.
April 23, 2026
Original Paper
TitanCA: Lessons from Orchestrating LLM Agents to Discover 100+ CVEs
arXiv · 2604.17860
AI-generated illustration
The Takeaway
AI hacking is no longer a theoretical concern for the distant future. This orchestrated system found hundreds of critical bugs in popular open-source software. It moves beyond simple code assistance to full-scale autonomous vulnerability research. The scale and speed of these discoveries are far beyond what human security teams can match. This technology could be used to secure our infrastructure or to attack it with unprecedented efficiency. We are entering a world where the primary defenders and attackers of our software are both AI.
From the abstract
Software vulnerabilities remain one of the most persistent threats to modern digital infrastructure. While static application security testing (SAST) tools have long served as the first line of defense, they suffer from high false-positive rates. This article presents TitanCA, a collaborative project between Singapore Management University and GovTech Singapore that orchestrates multiple large language model (LLM)-powered agents into a unified vulnerability discovery pipeline. Applied in open-so