Skip to main content

Agentic RE: Automating Reverse Engineering & Vulnerability Research with AI

Laptop and code editor representing AI‑powered reverse engineering

Hands‑on labs bring together RE tools and agentic AI for scalable workflows.

Registration Open

📅 This training is running at multiple events in 2026:

Browse all dates on the Upcoming Events calendar.

Building Agentic RE Radar

Profile Insight: Most RE courses teach tools. Most AI courses teach theory. This one sits at Agentic AI (95) and Automation (85) — you build working systems where LLMs and RE tools operate together on real binaries.

Overview

Reverse engineering is evolving beyond static tools and manual workflows. This hands‑on course introduces a new paradigm: Agentic Workflows. By combining large language models (LLMs), the Model Context Protocol (MCP), and reverse engineering tools like Ghidra, participants will learn how to design, configure, and orchestrate AI‑powered systems that automate and accelerate binary analysis.

Rather than focusing on a single operating system, the course demonstrates how agentic pipelines can be applied across Windows, macOS, iOS, and Android. Students will see how MCP servers and AI‑assisted workflows adapt to different platforms, enabling reproducible analysis and vulnerability triage in diverse environments.

By the end of the course, participants will have built a reproducible agentic AI workflow capable of analyzing software, surfacing potential vulnerabilities, validating, and triaging results across multiple platforms.

High‑Level Course Outline

Part 1 – Foundations

  • How AI is reshaping reverse engineering
  • Core LLM concepts (overview only)
  • Choosing models & hardware trade‑offs
  • Why local models matter

Part 2 – Local Setup & Assisted RE

  • Connecting RE tools to LLMs (MCP)
  • Setting up a local LLM stack
  • Using AI to explain and annotate code
  • Exploring new research areas with AI

Part 3 – Development & Security

  • Building custom MCP servers
  • Customizing Ghidra MCP for analysis
  • Combining static analysis tools with LLMs
  • Insights from advanced bug‑finding systems (DARPA AIxCC)
  • Securing agentic workflows

Part 4 – Orchestration & Capstone

  • Orchestrating LLM workflows
  • Optimizing prompts for better results
  • Building a prototype RE HUD
  • Capstone: Create a reproducible Agentic RE workflow

Who Should Attend

  • Reverse engineers who want to add AI-driven automation to their workflows
  • Vulnerability researchers looking to speed up bug discovery and triage
  • Security professionals who need private, reproducible AI stacks for sensitive work
  • Developers and tool builders who want to extend MCP servers and plug AI into RE pipelines
  • Applied AI practitioners ready to move past prompt-hacking into real orchestration and workflow design

If you’ve wanted your RE tools to do more than assist — to actually reason, act, and iterate on their own — this is that course.

Prerequisites

To get the most out of this training, participants should have:

  • Intermediate reverse engineering experience (familiarity with Ghidra, IDA, or similar tools)
  • Basic vulnerability research knowledge (understanding of common bug classes and analysis workflows)
  • Comfort with scripting in Python (used for MCP servers, orchestration, and workflow glue)
  • Familiarity with Linux or macOS command‑line environments for stack setup and automation

No prior LLM or AI framework experience needed. We cover the fundamentals before anything advanced.

System Requirements

AI Hardware:

  • A machine capable of running at least an 8B model (e.g., Qwen3 or Llama)
  • Recommended: modern GPU (RTX 3060+ or Apple M-series) with 16GB+ RAM
  • If hardware doesn’t meet specs, students can participate using free tiers of frontier model APIs — setup instructions for both local and remote options are provided

Software:

  • Python 3.11+
  • Docker (for OpenWebUI and Ollama)
  • git and a Linux-style command-line environment with administrator privileges

Practical Takeaways

What you take home:

  • A fully configured local RE+LLM stack (Ollama, OpenWebUI, LM Studio, GhidraMCP)
  • An understanding of hardware trade-offs for running local LLMs effectively
  • Custom MCP servers for binary metadata, semantic search, and static analysis (Semgrep + CodeQL)
  • Prompt optimization pipelines — LabeledFewShot, MIPROv2, and GEPA optimizers that make local models more accurate
  • Hands-on experience fine-tuning models for RE-specific tasks (e.g., vulnerability class detection, function identification)
  • Reusable workflow templates for binary analysis, vulnerability discovery, and results validation
  • Agent Skills definitions — reproducible SKILL.md files that encode RE workflows for coding agents
  • A Chainlit-based RE HUD that integrates multiple MCPs and provides an interactive interface for analysis
  • A working agentic workflow that combines human expertise with AI reasoning for both RE and VR tasks
Capstone Project

The capstone has two paths. You pick one (or do both):

  • RE Path: A workflow that analyzes and explains binaries using Ghidra MCP and semantic search
  • VR Path: A workflow that discovers, triages, and validates potential vulnerabilities using Semgrep, CodeQL, and LLM-driven cross-checks

Both paths produce a Chainlit-based HUD that ties RE and VR into one interface.

Upcoming Courses

DateEventLocation
March 27, 2026Ringzer0 Countermeasure 2026VirtualRegister →
April 26, 2026DEFCON 2026SingaporeRegister →
June 15, 2026REcon 2026Montreal, CanadaRegister →

📅 Browse all dates on the Upcoming Events calendar.