An Autonomous Agentic Secure Code Review for Immature Vulnerabilities Detection
arXiv:2601.19138 [cs.CR], Computer Science > Cryptography and Security
[Submitted on 27 Jan 2026]

Title: AgenticSCR: An Autonomous Agentic Secure Code Review for Immature Vulnerabilities Detection

Authors: Wachiraphan Charoenwet, Kla Tantithamthavorn, Patanamon Thongtanunam, Hong Yi Lin, Minwoo Jeong, Ming Wu

Abstract: Secure code review is critical at the pre-commit stage, where vulnerabilities must be caught early under tight latency and limited-context constraints. Existing SAST-based checks are noisy and often miss immature, context-dependent vulnerabilities, while standalone Large Language Models (LLMs) are constrained by their context windows and lack explicit tool use. Agentic AI, which combines LLMs with autonomous decision-making, tool invocation, and code navigation, offers a promising alternative, but its effectiveness for pre-commit secure code review is not yet well understood. In this work, we introduce AgenticSCR, an agentic AI for secure code review that detects immature vulnerabilities during the pre-commit stage, augmented by security-focused semantic memories. Using our own curated benchmark of immature vulnerabilities, tailored to pre-commit secure code review, we empirically evaluate how accurately AgenticSCR localizes, detects, and explains immature vulnerabilities. Our results show that AgenticSCR achieves a percentage of correct code review comments that is at least 153% higher, in relative terms, than that of the static LLM-based baseline, and also substantially surpasses SAST tools. Moreover, AgenticSCR generates more correct comments in four out of five vulnerability types, consistently and significantly outperforming all other baselines. These findings highlight the importance of Agentic Secure Code Review, paving the way towards an emerging research area of immature vulnerability detection.

Comments: Under Review

Subjects: Cryptography and Security (cs.CR); Artificial Intelligence (cs.AI); Machine Learning (cs.LG); Software Engineering (cs.SE)

Cite as: arXiv:2601.19138 [cs.CR] (or arXiv:2601.19138v1 [cs.CR] for this version)

DOI: https://doi.org/10.48550/arXiv.2601.19138 (arXiv-issued DOI via DataCite)

Submission history: From: Chakkrit Tantithamthavorn. [v1] Tue, 27 Jan 2026 03:10:12 UTC (3,392 KB)

Full text: PDF, HTML (experimental) and TeX source are available from the arXiv listing.