Volcano Engine Unveils Agent Miner and BoardSentinel at Black Hat Asia 2026

Agent Miner: Multi‑Agent Security Audit Framework

Agent Miner is a general‑purpose AI‑agent security audit framework built on a collaborative network of specialized agents. The framework decomposes an audit task into roles such as planning, static code analysis, and dynamic risk verification.

Static‑dynamic closed‑loop audit process:

Static analysis scans the target AI agent’s code to identify potential risk points.

A dedicated “risk‑verification officer” agent automatically generates proof‑of‑concept exploits for the identified points and executes them to confirm the threats.

Using this pipeline, Volcano Engine evaluated more than ten mainstream open‑source AI agents, discovered over fifteen security vulnerabilities, and obtained seven CVE identifiers.

BoardSentinel: Automated Static Analysis Framework for BMC Firmware

BoardSentinel automates the full analysis workflow for Baseboard Management Controller (BMC) firmware from vendors such as AMI MegaRAC and OpenBMC. The framework automatically unpacks, disassembles, and analyzes firmware binaries.

Hybrid vulnerability detection engine combines:

ID A Pro decompilation for low‑level code insight.

Semgrep pattern‑matching rules for known issue signatures.

Custom detectors for novel security risks.

The engine produces actionable reports that include remediation suggestions. The automation shortens the firmware analysis cycle, enabling large‑scale, rapid auditing of hardware‑level security risks.