Challenges and Future Directions in Agentic Reverse Engineering Systems
For security researchers using LLM agents for reverse engineering, this paper highlights current bottlenecks and suggests design improvements.
The paper identifies limitations of LLM-based agentic systems for binary reverse engineering, such as failures with obfuscation and token constraints, and outlines future directions for improvement.
Agentic systems built on large language models (LLMs) are increasingly being used for complex security tasks, including binary reverse engineering (RE). Despite recent growth in popularity and capability, these systems continue to face limitations in realistic settings. Cutting-edge systems still fail in complex RE scenarios that involve obfuscation, timing, and unique architectures. In this work, we examine how agentic systems perform reverse engineering tasks with static, dynamic, and hybrid agents. Through an analysis of existing agentic tool usage, we identify several limitations, including token constraints, struggles with obfuscation, and a lack of program guardrails. From these findings, we outline current challenges and position future directions for system designers to overcome from a security perspective.