bug identification

AppWizard
September 6, 2025
Researchers from Nanjing University and The University of Sydney have developed an AI vulnerability identification system called A2, designed to discover and validate vulnerabilities in Android applications. A2 achieves 78.3 percent coverage on the Ghera benchmark, outperforming static analyzers such as APKHunt, which reaches only 30.0 percent. In testing on 169 production APKs, A2 identified 104 true-positive zero-day vulnerabilities, 57 of which were validated through automatically generated proof-of-concept exploits. One of the identified vulnerabilities was a medium-severity intent redirect flaw in an Android app with over 10 million installs. A2 integrates various commercial AI models for the planning, execution, and validation of tasks, improving on its predecessor, A1, which lacked robust validation. The system reduces false positives, delivering useful signal rather than overwhelming noise.