Argus: Multi-Agent Ensemble for Full-Chain Security Vulnerability Detection

Static analysis is a foundational technique in software security—analyzing source code without execution to discover vulnerabilities. But existing tools each have their strengths: some excel at memory errors, others at injection flaws, others at data-flow analysis. The problem? They do not talk to each other.

What if we could orchestrate them?

Argus's core idea is to use a multi-agent ensemble to orchestrate multiple static analysis tools. Each agent specializes in one analysis technique, and they communicate through a coordinator—like a "security analysis team" where each member handles their area of expertise, but information is shared across the team.

This enables detection of vulnerabilities across full attack chains—from injection flaws to privilege escalation to data exfiltration, end to end.

On real-world software projects, Argus discovered more vulnerabilities than any single tool, with lower false-positive rates. The multi-agent advantage is especially pronounced for complex, cross-component, cross-stage vulnerability detection.

• Title: Argus: Reorchestrating Static Analysis via a Multi-Agent Ensemble for Full-Chain Security Vulnerability Detection
• Authors: Zi Liang, Qipeng Xie, Jun He, Bohuan Xue, Weizheng Wang, Yuandao Cai, Fei Luo, Boxian Zhang, Haibo Hu, Kaishun Wu
• Status: Preprint 2026
• Paper: https://arxiv.org/abs/2604.06633