Software Security
Hardware Security
Resources
Contact us
Software Security

Turning Dynamic Analysis into an AI Problem

Hugues Thiebeauld
|
0
|
April 28, 2026
Blue close icon with two intersecting diagonal lines forming an X.
Software Security
PLATFORM
esReverse
TIME TRAVEL ANALYSIS
Time Travel Debugging tool
EMULATORS
IOS Virtual Device
NEW
Android Virtual Device
KNOWLEDGE
Intel Advanced Techniques
IoT Use Cases
SERVICES
Security Assessment
Training & Coaching
Hardware Security
PLATFORM
esDynamic
TURNKEY LABS
Side Channel Analysis
EM Fault Injection
Laser Fault Injection
Glitching Fault Injection
Photonic Emission
KNOWLEDGE
Post-Quantum Cryptography
SCA Specialized Modules
FI Specialized Modules
Practical Use Cases
TOOLS
Pre-silicon Testing
LAB EQUIPMENTS
Pattern Detector
Cold Reset
SERVICES
Security Assessment
Training & Coaching
Resources
INDUSTRIES
Automotive
IoT & Smart Device
Gov. & Defense
Expertise Lab
LEARN
Webinars
Events
Blog
Documentation
COMPANY
About us
Careers
HIRING
Partners
Contact us
Software Security

Turning Dynamic Analysis into an AI Problem

Hugues Thiebeauld
|
-
|
Apr 2026
Back to all articles
SHARE

The limits of static analysis

Static analysis has long been the foundation of professional reverse engineering workflows. It starts from a bare binary and aims to extract its underlying meaning. In practice, this means navigating a massive search space, identifying relevant code paths, and carefully narrowing down to what actually matters.

Why AI thrives on static data

Exploring that vast search space takes time. It requires experience, intuition, and a lot of iterations. Tools such as Ghidra or Radare2 have significantly improved how analysts approach this work, but the core challenge remains largely the same.

AI changes the equation. It can explore large datasets, identify patterns, and help reduce the search space much faster than a human working alone. This is why Agentic AI for static analysis is gaining traction, the data is already structured in a way that makes AI highly effective. However, whether you are a human or an AI agent, there will come a time when data must be analyzed at runtime. This creates a clear need to manage efficient dynamic analysis techniques.

The chaos of runtime execution

Dynamic analysis introduces a different level of complexity. Instead of working from a fixed input, it requires observing a system while it is actively running. This means instrumenting execution, capturing events, and extracting relevant information in real time.

Conceptually, this is very different:

  • The data is not static.
  • The volume of information grows incredibly fast.
  • The context evolves continuously during execution, meaning the data and control flow may not be deterministic.

As a result, applying Agentic AI directly to dynamic analysis is much more challenging. Static tools mostly answer questions by querying a stable object, whereas dynamic tools force the agent to run and control a live experiment. The data is simply not in a form that is easy to process, and that core shift is where most of the difficulty comes from.

Turning dynamic execution into static data

At eShard, we approached this problem differently because we know the underlying mechanics. Through our platform, esReverse, we use Time Travel Debugging (TTD) to transform a dynamic execution into a persistent dataset, a stable execution trace.

Instead of observing a system once and losing that information forever, the full execution is recorded and can be explored afterward. This has several major benefits:

  • It makes execution reproducible, removing the issue of running a process over and over.
  • Analysts can navigate seamlessly forward and backward in time.
  • Specific system states can be queried at any exact point.
  • Complex behaviors can be revisited without rerunning the entire system.

In short, Time Travel Debugging turns complex dynamic analysis into a manageable static file.

Navigating massive execution traces

This transformation comes with a new challenge. Time travel traces of large systems, such as Windows or Android, contain a massive amount of information, including deep kernel internals. Even with a dedicated GUI and API for scripting, the sheer volume of data quickly becomes challenging to manage for a human analyst.

The execution trace itself turns into an ocean of data. Once again, the question becomes: how do you efficiently find what matters?

Bringing Agentic AI back to the table

This is exactly where AI becomes highly effective again. When dynamic execution is converted into structured, persistent data, it becomes accessible to the same type of AI exploration techniques that work so well in static analysis.

We have been exploring this approach internally at eShard. Across multiple use cases, AI-assisted analysis of execution traces has proven effective in identifying relevant behaviors and narrowing down investigation paths. In many cases, it surfaces the exact signal we need within the trace. We achieved this in our first experiments even before all information, particularly the symbols, was available. We know the results will be even more impressive when traces are enriched with that additional context.

However, the initial results already confirm the deep potential of combining Agentic AI with Time Travel Debugging. We provide resources to showcase this so you can verify it yourself:

  • Read our technical blog post targeting our Angry Pangolin challenge.
  • Review our Agentic AI vulnerability research on a VLC exploit.
  • Forge your own opinion on our freemium platform at ttd.eshard.com, which allows you to play with time travel datasets using an open MCP server.

Automating the setup

Generating time travel traces requires a robust technical setup. It involves instrumenting full-system emulation environments, whether for Windows, Linux, Android, or more constrained systems such as firmware.

Because this process can be complex and time-consuming, we are extending our AI capabilities beyond the analysis itself. The next step is to use AI as a copilot to help set up environments, configure instrumentation, and generate traces much more efficiently.

This completely shifts the problem. Instead of spending significant engineering time managing technical complexity, your teams can focus directly on the investigation itself.

Where we go from here

By combining Time Travel Debugging to structure execution data with Agentic AI to explore and analyze it, we are moving toward a fundamentally better way of approaching dynamic analysis. If you would like to see how this approach applies to your own reverse engineering use cases, we would be happy to discuss it with you.