"Study: GPT-4 Agent Can Exploit Unpatched Vulnerabilities"

Researchers at the University of Illinois Urbana-Champaign discovered that feeding public security advisories to a GPT-4 Artificial Intelligence (AI) agent allows it to exploit unpatched "real-world" vulnerabilities even without precise technical information. The researchers fed AI agents descriptions of over a dozen disclosed but unpatched vulnerabilities (also called "one-day" flaws), including two "critical" bugs. The agent they developed using OpenAI's GPT-4 exploited 87 percent of the vulnerabilities. Fourteen other agents created with models such as GPT-3.5, several open source Large Language Models (LLMs), and the open source vulnerability scanners ZAP and Metasploit all failed. This article continues to discuss the research on AI agents exploiting unpatched vulnerabilities.

BankInfoSecurity reports "Study: GPT-4 Agent Can Exploit Unpatched Vulnerabilities"

Submitted by grigby1

Submitted by Gregory Rigby on