Prism: A Multi-Team Orchestration of LLM Agents for Automatic Program Repair

Abstract

Automatic Program Repair (APR) has emerged as a critical technology for autonomously addressing software vulnerabilities. While recent advances in Large Language Models (LLMs) have enabled sophisticated agentic APR systems, existing approaches still struggle to generate patches for vulnerabilities whose root causes are difficult to identify. This happens because prior methods (1) merely determine patch locations based on given crash reports or (2) employ poorly engineered context, which distracts the model and hinders effective reasoning. To address these challenges, we present Prism, a multi-team LLM-based APR system. Prism employs a multi-team architecture with three specialized teams coordinated through hierarchical context management: the Analysis Team systematically explores codebases and synthesizes repair strategies, the Patch Team translates strategies into concrete patches with pre-execution validation, and the Evaluation Team executes patches and generates feedback. To systematically explore codebases, Prism supports progressive code retrieval that combines top-down structural exploration with bottom-up, query-driven search. We evaluated Prism on 92 real-world vulnerabilities from DARPA’s AI Cyber Challenge (AIxCC). Prism successfully fixed 77 bugs (83.7%), outperforming baselines by 27 to 70 percentage points. Among those, we further analyzed 21 hard-to-localize vulnerabilities where fix locations do not appear in stack traces. In these cases, Prism fixed 13 of 21 bugs (62%), which is 24 to 62 percentage points higher than other baselines. These results demonstrate the effectiveness of Prism’s design, which leverages a multi-team architecture with strategy-based patch generation and progressive code retrieval.

Publication
Proceedings of the 2026 International Symposium on Research in Attacks, Intrusions and Defenses (RAID)