GPT-4 automatically finds and exploits zero-day security holes, and 53% of the time it works.

GPT-4 autonomously hacks zero-day security flaws with 53% success rate

Researchers were able to hack into more than half of their test websites by using GPT-4 bots that worked in groups and could create new bots whenever they needed to. This was done using real-world “zero-day” flaws that no one knew about before.

A few months ago, a group of researchers published a paper saying they could use GPT-4 to automatically hack one-day (or N-day) vulnerabilities. These are known security holes for which a fix hasn’t been made public yet. GPT-4 could exploit 87% of critical-severity Common Vulnerabilities and Exposures (CVEs) by itself if it was given the CVE listing.

This week, the same researchers put out a follow-up paper saying they’d been able to hack zero-day vulnerabilities (vulnerabilities that haven’t been discovered yet) using a Hierarchical Planning with Task-Specific Agents (HPTSA) method and a group of self-propagating Large Language Model (LLM) agents.

HPTSA doesn’t use a single LLM agent to try to handle a lot of complicated tasks. Instead, it uses a “planning agent” to oversee the whole process and send out several task-specific “subagents.” Much like a boss and their employees, the planning agent works with a managing agent, which hands out the work to each “expert subagent.” This way, no single agent has to carry too much of a job it might not be good at.

It’s similar to how Cognition Labs’ Devin AI software development team works: it plans a job, figures out what kind of workers it will need, and then project-manages the job until it’s done, creating its own expert “employees” to do the work as required.

When tested against 15 real-world web-focused flaws, HPTSA was 550% better at attacking them than a single LLM. It was also able to hack 8 of the 15 zero-day vulnerabilities. Only three of the fifteen holes could be broken into by the single LLM.

What color hat do you wear? There are good reasons to be worried that these models will let people attack websites and networks maliciously. Daniel Kang, one of the researchers and the author of the white paper, said that in chatbot mode GPT-4 is “insufficient for understanding LLM capabilities” and can’t hack anything by itself.

At least that’s good news.

I asked ChatGPT if it could help me exploit zero-days, and it said, “No, I can’t exploit zero-day vulnerabilities. My goal is to give information and help while staying within the law and morals,” and suggested that I talk to a computer expert instead.
