Agentic Binary Reverse Engineering
Quick Answer
Agentic binary reverse engineering is the practice of using an LLM-driven system that plans, invokes reverse-engineering tools (Ghidra, IDA, radare2, angr, GDB, sandboxes), observes their output, preserves evidence, and revises hypotheses across many turns to analyze a compiled program without human step-by-step direction. It is distinguished from one-shot LLM-assisted RE, where a human pastes decompiler output into a chat for naming or summarization.
Agentic binary reverse engineering, also known as agentic RE, is an LLM-driven analysis pattern in which an autonomous loop plans, calls reverse-engineering tools (Ghidra, IDA, radare2, angr, GDB, sandboxes), observes their output, preserves evidence, and revises hypotheses across many turns to analyze a compiled program. The closed loop — inspect, hypothesize, act, verify, revise — is scored by deterministic outcomes such as a recovered flag, a reproduced crash, or a malicious-or-benign verdict supported by collected evidence, rather than by the prose plausibility of a single decompiler-summary chat.
It contrasts with one-shot LLM-assisted reverse engineering, where a human pastes decompiler output into a model for naming or summarization. Research and industrial systems such as Project Naptime and Project Ire are early signals of the agentic pattern.
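The inspect, hypothesize, act, verify, revise loop described above, as an added example that is not code from any of the systems named on this page. The planner is a scripted stand-in for the LLM, the two tools are small stand-ins for real RE tooling, and the sample blob, flag and all names are constructed for illustration.

```python
import hashlib, re

# Constructed sample "binary": a plaintext banner plus a flag hidden with single-byte XOR 0x5A.
SECRET = b"flag{closed_loop}"
BLOB = b"\x7fELF\x00\x00demo-crackme v1\x00\x00" + bytes(b ^ 0x5A for b in SECRET) + b"\x00"
# Deterministic oracle: the scorer only needs the hash of the correct answer.
ORACLE = hashlib.sha256(SECRET).hexdigest()

def tool_strings(blob, _arg=None):
    """Stand-in for a strings/decompiler pass: printable runs of 4+ bytes."""
    return [m.decode() for m in re.findall(rb"[\x20-\x7e]{4,}", blob)]

def tool_xor(blob, key):
    """Stand-in for a decoding/emulation step: strings visible after XOR with key."""
    return tool_strings(bytes(b ^ key for b in blob))

TOOLS = {"strings": tool_strings, "xor": tool_xor}

def verify(candidate):
    """Deterministic outcome check; prose plausibility plays no part."""
    return hashlib.sha256(candidate.encode()).hexdigest() == ORACLE

def planner(evidence):
    """Scripted stand-in for the LLM: chooses the next tool call from the evidence so far."""
    if not evidence:
        return ("strings", None)                       # inspect
    tried = {e["arg"] for e in evidence if e["tool"] == "xor"}
    nxt = next((k for k in range(1, 256) if k not in tried), None)
    return ("xor", nxt) if nxt is not None else None   # revise: hypothesize the next key

def run_agent(blob, max_turns=300):
    evidence = []                                      # preserved record of every tool call
    for turn in range(max_turns):
        step = planner(evidence)
        if step is None:
            break
        tool, arg = step
        out = TOOLS[tool](blob, arg)                   # act
        evidence.append({"turn": turn, "tool": tool, "arg": arg, "out": out,
                         "sha256": hashlib.sha256(repr(out).encode()).hexdigest()})
        for s in out:                                  # observe, then verify
            m = re.search(r"flag\{[^}]*\}", s)
            if m and verify(m.group()):
                return {"verdict": "solved", "flag": m.group(), "evidence": evidence}
    return {"verdict": "unsolved", "flag": None, "evidence": evidence}

if __name__ == "__main__":
    r = run_agent(BLOB)
    print(r["verdict"], r["flag"], "turns:", len(r["evidence"]))
```

The run ends only when the oracle accepts a candidate or the planner runs out of hypotheses, and the evidence list lets a reviewer replay which tool call produced the accepted result.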
See also
- LLM-assisted malware reverse engineering — the broader workflow class this term sits inside.
- Project Lupine — fine-tuned LLM annotations for Ghidra, an adjacent LLM-in-RE tool.