arXiv: SoK: AI-Augmented Binary Reversing

This publication is a Systematization of Knowledge (SoK) paper from arXiv that surveys how artificial intelligence is being used to automate binary code reverse engineering. It maps current AI techniques for decompiling, analyzing, and patching compiled software, and highlights significant gaps in security, reliability, and explainability. While not a regulatory change itself, it signals a rapid technological shift that EU regulators are likely to scrutinize under the AI Act and cybersecurity frameworks, particularly for high-risk AI systems used in critical infrastructure or software supply chain analysis.

Organizations affected include software vendors, cybersecurity firms, critical infrastructure operators, and any entity deploying AI for code analysis or vulnerability detection. Sectors such as finance, healthcare, energy, and defense—where binary reversing is used for compliance, forensics, or patching—should pay close attention. The paper’s findings imply that current AI-augmented tools may not meet the robustness and transparency requirements expected under the EU AI Act’s high-risk classification.

Compliance teams should immediately review any AI tools used for binary analysis or software integrity checks, assessing whether they fall under high-risk categories. Document the tool’s training data, error rates, and explainability features. Engage with legal and engineering teams to map these tools against upcoming AI Act obligations, particularly for transparency, human oversight, and accuracy. Finally, monitor the European Commission’s guidance on AI in cybersecurity, as this paper may inform future regulatory expectations.