DANGER: “When given the CVE description, GPT-4 is capable of exploiting 87% of these vulnerabilities.”

FOR EDUCATIONAL AND KNOWLEDGE SHARING PURPOSES ONLY. NOT-FOR-PROFIT. SEE COPYRIGHT DISCLAIMER.

REPORT. AI AGENT HACKERS. LLM Agents can Autonomously Exploit One-day Vulnerabilities

LLMs have becoming increasingly powerful, both in their benign and malicious uses. With the increase in capabilities, researchers have been increasingly interested in their ability to exploit cybersecurity vulnerabilities. In particular, recent work has conducted preliminary studies on the ability of LLM agents to autonomously hack websites. However, these studies are limited to simple vulnerabilities. In this work, we show that LLM agents can autonomously exploit one-day vulnerabilities in real-world systems. To show this, we collected a dataset of 15 one-day vulnerabilities that include ones categorized as critical severity in the CVE description. When given the CVE description, GPT-4 is capable of exploiting 87% of these vulnerabilities compared to 0% for every other model we test (GPT-3.5, open-source LLMs) and open-source vulnerability scanners (ZAP and Metasploit). Fortunately, our GPT-4 agent requires the CVE description for high performance: without the description, GPT-4 can exploit only 7% of the vulnerabilities. Our findings raise questions around the widespread deployment of highly capable LLM agents.
Subjects:Cryptography and Security (cs.CR); Artificial Intelligence (cs.AI)
Cite as:arXiv:2404.08144 [cs.CR]
(or arXiv:2404.08144v2 [cs.CR] for this version)
https://doi.org/10.48550/arXiv.2404.08144

Submission history

From: Daniel Kang [view email] [v1] Thu, 11 Apr 2024 22:07:19 UTC (370 KB)
[v2] Wed, 17 Apr 2024 04:34:39 UTC (370 KB)

FOR EDUCATIONAL AND KNOWLEDGE SHARING PURPOSES ONLY. NOT-FOR-PROFIT. SEE COPYRIGHT DISCLAIMER.