NEXUS: 10-Agent AI System Built to Find, Exploit, and Patch Code Vulnerabilities
A team participating in the Qwen Cloud Global AI Hackathon developed NEXUS, an autonomous system of 10 specialized AI agents designed to detect, verify, and remediate security vulnerabilities in open-source software. Built on Alibaba Cloud's DashScope API using Qwen-Max and Qwen-Plus models, the pipeline divides the vulnerability lifecycle into distinct roles including reconnaissance, exploitation, verification, patching, and report generation. A standout feature is a three-agent Governance Council that independently scores each confirmed vulnerability from different perspectives — technical severity, business impact, and exploitability — before averaging the results into a consensus rating. To reduce false positives, the system requires agents to generate and independently verify proof-of-concept exploit code before flagging any issue. NEXUS also employs a three-tier memory architecture using Redis, PostgreSQL, and pgvector to retain scan history and improve performance over time.
This is an AI-generated summary. ShortSingh links to the original source for the complete article.