Revelio: Cost-Efficient Agentic Memory Safety Vulnerability Detection For Repository-Scale Code
Revelio is an agentic system for detecting memory safety vulnerabilities at repository scale, using LLM-guided taint analysis to prioritise high-risk code paths and reduce the manual review burden by an order of magnitude.
Focus: Memory safety vulnerabilities (buffer overflows, use-after-free, format string bugs) remain the dominant source of exploitable software defects. Revelio uses LLM-guided taint analysis to scale memory safety review to entire repositories, prioritising code paths that are both reachable from untrusted inputs and likely to contain memory errors, so that reviewer effort goes to the paths an attacker could actually reach.
Key Insights
- LLM-guided taint priority: Traditional taint analysis produces prohibitively large sets of potentially tainted code paths; Revelio uses an LLM to assess which paths are most likely to contain exploitable memory errors, reducing the review set by a factor of ~12 while maintaining high recall.
- Agentic memory management: The system uses a structured memory to track which code regions have been analysed, which vulnerabilities have been confirmed, and which paths remain unreviewed — enabling cost-efficient incremental analysis as the codebase evolves.
- Repository-scale coverage: The paper demonstrates coverage of repositories with millions of lines of code, reaching a scale that previous LLM-based security analysis tools could not achieve.
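The two mechanisms above, LLM-guided path prioritisation and a structured analysis memory, are shown together in the added example below. This is illustrative code written for this page, not Revelio's implementation: the call graph, the function bodies, the source/sink sets and the `heuristic_judge` scorer are all constructed, and the scorer is a deterministic stand-in for the LLM judgement so that the example runs offline. Path fingerprints are SHA-256 over the bodies of the functions on the path, which is one plausible way to detect which paths need re-review after a change; the paper's own memory layout is not described here.

```python
"""Miniature taint-path prioritiser with an analysis memory (added example,
not Revelio's code). The call graph, bodies and scoring heuristic are
constructed for illustration."""
import hashlib
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Set, Tuple

Path = Tuple[str, ...]

# Constructed call graph: function -> callees along which data flows.
CALL_GRAPH: Dict[str, List[str]] = {
    "read_packet": ["parse_header", "log_packet"],
    "read_config": ["parse_header"],
    "parse_header": ["copy_payload", "checksum"],
    "copy_payload": ["memcpy_wrapper"],
    "checksum": [],
    "log_packet": ["format_log"],
    "format_log": ["printf_wrapper"],
    "memcpy_wrapper": [],
    "printf_wrapper": [],
}
SOURCES: Set[str] = {"read_packet", "read_config"}      # read untrusted input
SINKS: Set[str] = {"memcpy_wrapper", "printf_wrapper"}  # memory-unsafe operations

# Constructed one-line bodies; the memory hashes these to detect changes.
BODIES: Dict[str, str] = {
    "read_packet": "n = recv(fd, buf, sizeof buf, 0);",
    "read_config": "n = fread(buf, 1, sizeof buf, cfg);",
    "parse_header": "hdr.len = ntohs(*(uint16_t *)buf); copy_payload(buf + 4, hdr.len);",
    "copy_payload": "memcpy_wrapper(dst, src, len);",
    "memcpy_wrapper": "memcpy(dst, src, len);",
    "checksum": "for (i = 0; i < n; i++) sum += buf[i];",
    "log_packet": "format_log(buf);",
    "format_log": "printf_wrapper(msg);",
    "printf_wrapper": "printf(msg);",
}


def enumerate_taint_paths(graph: Dict[str, List[str]], sources: Set[str],
                          sinks: Set[str]) -> List[Path]:
    """Plain taint analysis: every simple source-to-sink path, no ranking."""
    paths: List[Path] = []

    def dfs(node: str, path: List[str], seen: Set[str]) -> None:
        if node in sinks:
            paths.append(tuple(path))
            return
        for callee in graph.get(node, []):
            if callee not in seen:
                dfs(callee, path + [callee], seen | {callee})

    for src in sorted(sources):
        dfs(src, [src], {src})
    return paths


SINK_WEIGHT = {"memcpy_wrapper": 0.6, "printf_wrapper": 0.5}


def heuristic_judge(path: Path, bodies: Dict[str, str]) -> float:
    """Stand-in for the LLM rating (assumption: a real system would prompt a
    model with the path's code). Higher means more likely exploitable."""
    text = "\n".join(bodies[f] for f in path)
    score = SINK_WEIGHT.get(path[-1], 0.3)
    if "recv(" in text:    # data arrives straight off the network
        score += 0.3
    if "ntohs(" in text:   # a length field is attacker-controlled
        score += 0.1
    if "if (" in text:     # crude: some check exists somewhere on the path
        score -= 0.4
    return round(score, 2)


@dataclass
class AnalysisMemory:
    """Structured memory: which paths were reviewed at which code version,
    and which were confirmed vulnerable."""
    reviewed: Dict[Path, str] = field(default_factory=dict)  # path -> fingerprint
    confirmed: Set[Path] = field(default_factory=set)

    @staticmethod
    def fingerprint(path: Path, bodies: Dict[str, str]) -> str:
        h = hashlib.sha256()
        for f in path:
            h.update(f.encode() + b"\0" + bodies[f].encode() + b"\0")
        return h.hexdigest()

    def needs_review(self, path: Path, bodies: Dict[str, str]) -> bool:
        return self.reviewed.get(path) != self.fingerprint(path, bodies)

    def record(self, path: Path, bodies: Dict[str, str], vulnerable: bool) -> None:
        self.reviewed[path] = self.fingerprint(path, bodies)
        (self.confirmed.add if vulnerable else self.confirmed.discard)(path)


def run_review(graph, sources, sinks, bodies, memory: AnalysisMemory,
               judge: Callable[[Path, Dict[str, str]], float], budget: int) -> List[Path]:
    """One incremental pass: enumerate, skip paths unchanged since their last
    review, rank the rest by the judge, hand the top `budget` to a reviewer."""
    pending = [p for p in enumerate_taint_paths(graph, sources, sinks)
               if memory.needs_review(p, bodies)]
    ranked = sorted(pending, key=lambda p: (-judge(p, bodies), p))
    return ranked[:budget]


if __name__ == "__main__":
    mem = AnalysisMemory()
    for p in run_review(CALL_GRAPH, SOURCES, SINKS, BODIES, mem, heuristic_judge, 2):
        print(heuristic_judge(p, BODIES), " -> ".join(p))
```

The second call to `run_review` with the same `bodies` returns only paths the memory has not yet seen; patching `memcpy_wrapper` to add a bounds check changes the fingerprint of every path through it, so exactly those paths come back for re-review while the `printf` path stays settled.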
Failure-First Relevance
Revelio demonstrates a key pattern for AI-assisted safety research: LLM-guided prioritisation over a large search space reduces the human review burden without sacrificing coverage. The same pattern applies to the Failure-First jailbreak evolution pipeline — rather than evaluating all candidate operators, LLM-guided selection identifies the most promising candidates for full FLIP grading, making the pipeline cost-efficient at scale.