Complete News World

Artificial Intelligence in Cybersecurity: Autonomous Exploitation of Vulnerabilities for a Day

Artificial Intelligence in Cybersecurity: Autonomous Exploitation of Vulnerabilities for a Day

One The current study The AI ​​and Cybersecurity topic shows that large language models (LLMs), especially GPT-4, are capable of using so-called single-day vulnerabilities independently. This raises important questions about the safety and ethical aspects of using these technologies.

Insight into the study

The researchers examined how effective MBAs, including the GPT-4 model, were in discovering and exploiting software vulnerabilities in the real world. These vulnerabilities, known as one-day vulnerabilities, are known but have not yet been fixed. Study results show that GPT-4 is able to successfully exploit 87% of these vulnerabilities when provided with vulnerability descriptions (CVEs). Without these descriptions, the success rate drops dramatically to 7%.


The researchers collected 15 real-world vulnerabilities from various sources, including the Common Vulnerabilities and Exposures (CVE) database and frequently cited academic papers. The study stressed that all vulnerabilities tested were reproduced in a safe environment so as not to cause real damage.

A critical aspect of the study was the use of the ReAct agent framework, which made it possible to provide holders of LLM certificates such as GPT-4 with specific tools and information needed to exploit vulnerabilities.

Results and implications

The ability of GPT-4 to discover and exploit vulnerabilities in a single day raises serious questions about the security risks of these technologies. The study shows that these models are not only able to identify vulnerabilities that people may overlook, but can also use this information to carry out attacks. This highlights the need to improve defenses in software applications.

Cost analysis

A cost analysis in the study shows that using GPT-4 to exploit vulnerabilities can be more cost-effective than using human security experts. This could lead to a paradigm shift in how companies manage and implement their cybersecurity.

Ethical considerations

The study concludes with an ethical statement stating that although research results can be misused, public discussion and awareness of these possibilities is critical to ensuring that these techniques are used responsibly.


The study findings challenge not only the cybersecurity sector, but also developers and users of AI technologies to take potential risks seriously and take proactive measures to mitigate these risks. It is clear that AI-powered cybersecurity presents both enormous opportunities and threats. Balancing progress and security will be one of the major challenges in the coming years.

Lawyer Jens Werner (lawyer specializing in IT and criminal law)Lawyer Jens Werner (lawyer specializing in IT and criminal law)
Latest articles by lawyer Jens Werner (lawyer specializing in information technology and criminal law) (View all)