AI Security Study Compares Agent Architectures for Vulnerability Detection

A research paper on arXiv, titled 'Towards Optimal Agentic Architectures for Offensive Security Tasks', investigates how different AI agent coordination topologies perform in security auditing tasks. The study, with identifier arXiv:2604.18718v1, addresses the uncertainty over whether adding more agents improves detection or merely increases costs. It introduces a benchmark of 20 interactive targets, split evenly between web/API and binary systems, each containing one known vulnerability accessible via an endpoint. Evaluations were conducted in both whitebox and blackbox modes, with the core study involving 600 runs across five architecture families and three model families. A separate pilot of 60 runs focused on long-context scenarios, detailed only in an appendix. Results from the core benchmark show a detection-any rate of 58.0% and a validated detection rate of 49.8%. The MAS-Indep architecture achieved the highest validated detection at 64.2%, while SAS proved most cost-efficient at $0.058 per validated finding. Whitebox access significantly outperformed blackbox, with validated detection rates of 67.0% versus 32.7%. The research treats topology selection as an empirical systems question, aiming to optimize agentic security systems that use tool-utilizing large language models to audit live targets.