Detecting Privilege Escalation in Polyglot Microservices via Agentic Program Analysis
A new framework called Neo has been developed to detect privilege escalation vulnerabilities in polyglot microservices. This framework combines large language models with traditional program analysis to improve detection accuracy and scalability. In evaluations, Neo uncovered multiple zero-day vulnerabilities across various programming languages and demonstrated significant improvements over existing solutions.
- Neo is an agentic program analysis framework designed to address privilege escalation risks in microservices.
- The framework was evaluated on 25 open-source microservice applications, uncovering 24 zero-day vulnerabilities.
- Neo achieved 81.0% precision and 85.0% recall on a ground-truth dataset, showcasing its effectiveness.
Opening excerpt (first ~120 words)
Computer Science > Cryptography and Security
arXiv:2605.15569 (cs) [Submitted on 15 May 2026]
Title: Detecting Privilege Escalation in Polyglot Microservices via Agentic Program Analysis
Authors: Penghui Li, Hong Yau Chong, Yinzhi Cao, Junfeng Yang
Abstract: Microservices are widely adopted in modern cloud systems due to their scalability and fault tolerance. However, microservice architectures introduce significant complexity in privilege and permission control, creating risks of privilege escalation where attackers can gain unauthorized access to resources or operations.
…
Excerpt limited to ~120 words for fair-use compliance. The full article is at arXiv cs.AI.