This page is being moved to a new, faster, and mobile-friendly application! Access the enhanced and centralized experience now on MyWorkspace.
ITU's 160 anniversary

Connecting the world and beyond

  •  
GSR 2025

ITU-T work programme

[2025-2028] : [SG17] : [Q7/17]

[Declared patent(s)]  - [Associated work]

Work item: X.gavd-mas
Subject/title: Guidelines for application vulnerability detection using multi-agent system
Status: Under study 
Approval process: AAP
Type of work item: Recommendation
Version: New
Equivalent number: -
Timing: 2027-12 (Medium priority)
Liaison: ISO/IEC JTC 1/ SC 27
Supporting members: Ant Group Co., Ltd., China Information Communication Technologies Group, Electronics and Telecommunications Research Institute, Alibaba China Co., Ltd.
Summary: Applications are indispensable core carriers supporting business operations, and application security serves as the critical frontline in ensuring business continuity. However, as business systems grow in complexity and attack techniques rapidly evolve, application vulnerabilities are becoming increasingly sophisticated and diverse. Traditional application security testing technologies such as SAST, DAST are no longer sufficient to address the dynamic and complex application vulnerabilities—primarily because they can understand code semantics, but not business semantics. In contrast, multi-agent system offers advantages in detecting application vulnerabilities within complex business scenarios. This recommendation is to provide the requirements for application vulnerability detection, and define a reference architecture based on multi-agent system and the related technical capabilities to address the challenges of vulnerability detection in AI era. The contents include: Overview: analyzing the challenges and providing requirements for application vulnerability detection. Reference architecture for application vulnerability detection: defining a reference architecture and a typical workflow for application vulnerability detection using multi-agent system. Technical capabilities of the components: providing the technical capabilities of the component in the reference architecture. This recommendation applies to organizations’ development and deployment of multi-agent system-based vulnerability detection solution to enhance the automated discovery capability of application vulnerabilities, particularly improve the efficiency and effectiveness of detecting complex business logic vulnerabilities.
Comment: -
Reference(s):
  Historic references:
-
Contact(s):
Xiaoyuan BAI, Editor
Chuanlei MA, Editor
Jae Hoon NAH, Editor
Jin PENG, Editor
Jinchen SHENG, Editor
ITU-T A.5 justification(s):
Generate A.5 drat TD
-
[Submit new A.5 justification ]
See guidelines for creating & submitting ITU-T A.5 justifications
First registration in the WP: 2025-12-11 13:24:34
Last update: 2025-12-11 13:28:58

© ITU All Rights Reserved

Back to top