SECUREPATCH: Specialized Multi-Agent Architecture with Automated Validation for Security Vulnerability Repair

Authors:
L. Yashwanth Reddy, M. N. S. Sumanth, R. Regin, S. Rubin Bose, S. Sharan Jeev, S. Benitta Sherine

Addresses:
School of Computer Science and Engineering in Artificial Intelligence and Machine Learning, SRM Institute of Science and Technology, Ramapuram, Chennai, Tamil Nadu, India.
School of Computer Science and Engineering, SRM Institute of Science and Technology, Ramapuram, Chennai, Tamil Nadu, India.
Department of Cybersecurity, University of Texas at Dallas, Richardson, Texas, United States of America.
Department of Computer Science and Engineering, Dhaanish Ahmed College of Engineering, Chennai, Tamil Nadu, India.

Abstract:

Software security flaws are a critical concern. Recent Large Language Model (LLM) techniques achieve 47-72% program repair success yet require specialized validation and iterative refinement. SECUREPATCH, a multi-agent LLM system with four specialized agents (Auditor for vulnerability detection, Architect for patch generation, Validator for security verification, and Coordinator for workflow management), achieves 99.4% security vulnerability repair success through iterative refinement with automated feedback. We evaluate three iteration settings (MAX RETRIES = 1, 3, 5) on 160 Python security vulnerabilities from 8 CWE categories. Our single-iteration configuration (SECUREPATCH-1) outperforms all known approaches (47-72%) by 13-38%. Three cycles (SECUREPATCH-3) raise success to 95.6% (+10.6%), exceeding the 95% production reliability requirement. Five iterations (SECUREPATCH-5) reach 99.4% (+14.4% overall), with 1 failure in 160 cases. Marginal analysis shows diminishing returns: the 1→3 iteration transition gains +10.6% and the 3→5 transition +3.8%. Per-category analysis with five iterations yields 100% accuracy on 7 of 8 CWE categories. Weak Cryptography (CWE-327) improves the most (+45%, from 50% to 95%), showing that iteration works on difficult security patterns. SECUREPATCH surpasses LLM-based approaches by 27-52% and typical automated program repair by 44-88%. Multi-agent specialisation provides a strong baseline performance (85%); iterative refinement with validation feedback is essential for near-perfect accuracy (99.4%); and three iterations provide the optimal cost-benefit trade-off (95.6% success with 15% computational overhead).
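The refinement loop the abstract describes (audit, patch, validate, feed the Validator's findings back to the Architect, stop when the code is clean or MAX RETRIES is exhausted), as an added illustrative example that is not the SECUREPATCH authors' code. The four agents are stood in for by small rule-based functions that handle one constructed CWE-327 pattern (weak hash calls) so the loop runs offline; a real system would back each role with an LLM. The sample snippets are constructed, and the names `auditor`, `architect`, `validator`, `coordinator` and `success_rate` are assumptions. The stand-in Architect only repairs call sites it has been told about, so a two-issue snippet needs a second pass; that is what makes MAX RETRIES = 1 fail on it while 3 succeeds, mirroring the diminishing-returns behaviour the abstract reports.

```python
"""Illustrative validator-driven retry loop (added example, not SECUREPATCH code)."""
import re
from dataclasses import dataclass, field

# Weak algorithms the Auditor flags, with the replacement the Architect applies.
# Hypothetical CWE-327 rule used only to make the loop concrete.
WEAK_HASHES = {"md5": "sha256", "sha1": "sha256"}


@dataclass
class RepairResult:
    code: str
    fixed: bool
    iterations: int
    history: list = field(default_factory=list)  # (attempt, remaining findings)


def auditor(code: str) -> list:
    """Auditor stand-in: return the weak hash algorithms still called in `code`."""
    return [algo for algo in WEAK_HASHES if re.search(rf"hashlib\.{algo}\(", code)]


def architect(code: str, feedback: list) -> str:
    """Architect stand-in: rewrite only the call sites named in the Validator's feedback.

    With no feedback yet (first attempt) it fixes just the first finding, which
    models a partial first patch that later iterations have to complete.
    """
    targets = feedback if feedback else auditor(code)[:1]
    for algo in targets:
        code = re.sub(rf"hashlib\.{algo}\(", f"hashlib.{WEAK_HASHES[algo]}(", code)
    return code


def validator(code: str) -> list:
    """Validator stand-in: re-audit the candidate patch; anything left is feedback."""
    return auditor(code)


def coordinator(code: str, max_retries: int) -> RepairResult:
    """Coordinator stand-in: run patch -> validate until clean or the retry budget is spent."""
    history = []
    if not auditor(code):
        return RepairResult(code, True, 0, history)  # nothing to repair
    feedback = []
    for attempt in range(1, max_retries + 1):
        code = architect(code, feedback)
        feedback = validator(code)
        history.append((attempt, list(feedback)))
        if not feedback:
            return RepairResult(code, True, attempt, history)
    return RepairResult(code, False, max_retries, history)


def success_rate(cases: list, max_retries: int) -> float:
    """Fraction of cases the loop repairs within `max_retries` attempts."""
    results = [coordinator(c, max_retries) for c in cases]
    return sum(r.fixed for r in results) / len(results)


# Constructed sample inputs: one single-issue snippet, one two-issue snippet, one clean snippet.
SAMPLE_CASES = [
    "digest = hashlib.md5(data).hexdigest()\n",
    "a = hashlib.md5(x).hexdigest()\nb = hashlib.sha1(y).hexdigest()\n",
    "digest = hashlib.sha256(data).hexdigest()\n",
]

if __name__ == "__main__":
    for budget in (1, 3, 5):
        print(f"MAX RETRIES = {budget}: success rate {success_rate(SAMPLE_CASES, budget):.3f}")
    for attempt, remaining in coordinator(SAMPLE_CASES[1], 3).history:
        print(f"attempt {attempt}: remaining findings {remaining}")
```

Running the block shows the single-issue case fixed in one attempt, the two-issue case only succeeding once the Validator's leftover finding is fed back on attempt 2, and the clean case consuming no iterations, so the rate rises from 2/3 at MAX RETRIES = 1 to 1.0 at 3 and stays there at 5.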

Keywords: Automated Program Repair; Iterative Refinement; Automated Feedback; Security Vulnerabilities; Baseline Performance; Weak Cryptography; Max Retries.

Received on: 25/02/2025, Revised on: 16/06/2025, Accepted on: 17/08/2025, Published on: 03/01/2026

DOI: 10.64091/ATICS.2026.000283

AVE Trends in Intelligent Computing Systems, 2026, Vol. 3, No. 1, Pages: 23-47
