Toward Scalable Automated Repository-Level Datasets for Software Vulnerability Detection

2026-03-18 · Software Engineering

Software Engineering, Artificial Intelligence
AI summary

The authors focus on improving how software vulnerabilities are found by creating a system that automatically adds realistic security flaws into actual software projects. Their system also makes working examples of how these flaws can be exploited, which helps build accurate datasets for training detection tools that work across whole code repositories, not just small functions. They also study how attack and defense strategies can evolve together to make vulnerability detectors stronger in real-life situations.

software vulnerability, vulnerability detection, benchmark, interprocedural analysis, proof-of-vulnerability, exploit synthesis, repository-level analysis, adversarial co-evolution, automated benchmark generation
Authors
Amine Lbath
Abstract
Software vulnerabilities continue to grow in volume and remain difficult to detect in practice. Although learning-based vulnerability detection has progressed, existing benchmarks are largely function-centric and fail to capture realistic, executable, interprocedural settings. Recent repo-level security benchmarks demonstrate the importance of realistic environments, but their manual curation limits scale. This doctoral research proposes an automated benchmark generator that injects realistic vulnerabilities into real-world repositories and synthesizes reproducible proof-of-vulnerability (PoV) exploits, enabling precisely labeled datasets for training and evaluating repo-level vulnerability detection agents. We further investigate an adversarial co-evolution loop between injection and detection agents to improve robustness under realistic constraints.