Report: Generative AI Agents Can Exploit Cybersecurity Vulnerabilities

A new study from the University of Illinois Urbana-Champaign (UIUC) found that large language model (LLM) agents can autonomously exploit real-world cybersecurity vulnerabilities, raising critical concerns about the widespread deployment and security of these advanced AI systems.

The study, "LLM Agents can Autonomously Hack Websites," conducted by Richard Fang, Rohan Bindu, Akul Gupta, and Daniel Kang, demonstrated that GPT-4, the leading LLM developed by OpenAI, can successfully exploit 87% of one-day vulnerabilities when provided with the Common Vulnerabilities and Exposures (CVE) descriptions. (The CVE is a publicly listed catalog of known security threats.)

This constitutes a massive leap from the 0% success rate achieved by previous models and open source vulnerability scanners, such as the ZAP web app scanner and the Metasploit penetration testing framework.

The researchers collected a dataset of 15 real-world, one-day vulnerabilities, including those categorized as critical severity in the CVE description. When tested, GPT-4 could exploit 87% of these vulnerabilities, while models such as GPT-3.5 and other open-source LLMs failed to exploit any. Without the CVE descriptions, GPT-4's success rate plummeted to 7%, indicating that while GPT-4 is adept at exploiting known vulnerabilities, it struggles to identify them independently.

These findings are both impressive and concerning. The ability of LLM agents to autonomously exploit vulnerabilities poses a significant threat to cybersecurity. As AI models become more powerful, their potential misuse for malicious purposes becomes more likely. The study highlights the need for the cybersecurity community and AI developers to carefully consider the deployment and capabilities of these agents.

"We need to balance the incredible potential of these AI systems with the very real risks they pose," study co-author Kang said in a statement. "Our findings suggest that while GPT-4 can be a powerful tool for finding and exploiting vulnerabilities, it also underscores the need for robust safeguards and responsible deployment."

The study's authors call for more research into improving the planning and exploration capabilities of AI agents, as well as the development of more sophisticated defense mechanisms. Enhancing the security of AI systems and ensuring they are used ethically will be crucial in preventing potential misuse.

"Our work shows the dual-edged nature of these powerful AI tools," co-author Fang said. "While they hold great promise for advancing many fields, including cybersecurity, we must be vigilant about their potential for harm."

As LLMs continue to evolve, their capabilities will only increase. This study serves as a stark reminder of the need for careful oversight and ethical considerations in the development and deployment of these technologies. The cybersecurity community must stay ahead of potential threats by continuously improving defensive measures and fostering collaboration between researchers, developers, and policymakers.

Read the full report here.

About the Author

John K. Waters is the editor in chief of a number of Converge360.com sites, with a focus on high-end development, AI and future tech. He's been writing about cutting-edge technologies and culture of Silicon Valley for more than two decades, and he's written more than a dozen books. He also co-scripted the documentary film Silicon Valley: A 100 Year Renaissance, which aired on PBS.  He can be reached at [email protected].

Featured

  • DreamBox Math

    Discovery Education Announces Updates to Experience, DreamBox Math

    K-12 learning solution provider Discovery Education has announced enhancements to its Discovery Education Experience and DreamBox Math products, designed to create a more personalized, engaging learning experience for students.

  • abstract pattern of cybersecurity, ai and cloud imagery

    Report Identifies Malicious Use of AI in Cloud-Based Cyber Threats

    A recent report from OpenAI identifies the misuse of artificial intelligence in cybercrime, social engineering, and influence operations, particularly those targeting or operating through cloud infrastructure. In "Disrupting Malicious Uses of AI: June 2025," the company outlines how threat actors are weaponizing large language models for malicious ends — and how OpenAI is pushing back.

  • digital dashboard featuring a shield icon, graphs, a world map, and network nodes

    IBM Launches Agentic AI Governance and Security Platform

    IBM has introduced a new software stack for enterprise IT teams tasked with managing the complex governance and security challenges posed by autonomous AI systems.

  • laptop and fish hook

    Security Researchers Identify Generative AI 'Vishing' Attack

    A new report from researchers at Ontinue's Cyber Defense Center has identified a complex, multi-stage cyber attack that leveraged social engineering, remote access tools, and signed binaries to infiltrate and persist within a target network.