Artificial intelligence systems can automatically generate functional exploits for newly published Common Vulnerabilities and Exposures (CVEs) in just 10-15 minutes at approximately $1 per exploit.\u00a0<\/p>\n
This breakthrough significantly compresses the traditional \u201cgrace period\u201d that defenders typically rely on to patch vulnerabilities before working exploits become available.<\/p>\n
The research, conducted by security experts Efi Weiss and Nahman Khayet, reveals that their AI system<\/a> can process the daily stream of 130+ newly published CVEs far faster than human researchers.\u00a0<\/p>\n The implications are profound for cybersecurity defenders who historically enjoyed hours, days, or even weeks before public exploits emerged for known vulnerabilities.<\/p>\n The researchers developed a sophisticated three-stage pipeline that combines Large Language Models (LLMs) with automated testing environments.\u00a0<\/p>\n The system begins by analyzing CVE <\/a>advisories and GitHub Security Advisory (GHSA) data, extracting crucial information including affected repositories, vulnerable versions, and patch details.<\/p>\n The first stage involves technical analysis where the AI examines the vulnerability advisory and corresponding code patches.\u00a0<\/p>\n For example, when processing CVE-2025-54887, a cryptographic bypass affecting JWT encryption, the system identified the specific attack vector and created a comprehensive exploitation plan.<\/p>\n Iterative vulnerability exploitation cycle<\/p>\n The second stage implements a test-driven approach using separate AI agents for creating vulnerable applications and exploit code.\u00a0<\/p>\n The researchers discovered that using specialized agents prevented confusion between different tasks.\u00a0<\/p>\n They employed Dagger containers to create secure sandboxes for testing, enabling the system to validate exploits against both vulnerable and patched versions to eliminate false positives.<\/p>\n The validation loop proved critical, as initial attempts often produced \u201cfalse positive\u201d exploits that worked against both vulnerable and secure implementations.\u00a0<\/p>\n The system iteratively refines both the vulnerable test application and exploit code until achieving genuine exploitation.<\/p>\n Exploit<\/p>\n The research produced<\/a> working exploits for various vulnerability types across different programming languages.\u00a0<\/p>\n Notable examples include GHSA-w2cq-g8g3-gm83, a JavaScript prototype pollution vulnerability, and GHSA-9gvj-pp9x-gcfr, a Python pickle sanitization bypass<\/a>.<\/p>\n The team utilized Claude Sonnet 4.0 as their primary model after finding that Software-as-a-Service (SaaS) models\u2019 initial guardrails could be bypassed through carefully structured prompt chains.\u00a0<\/p>\n They implemented caching mechanisms and type-safe interfaces using pydantic-ai to optimize performance and reliability.<\/p>\n All generated exploits are timestamped using OpenTimestamps blockchain verification and made publicly available.\u00a0<\/p>\n The researchers emphasize that traditional \u201c7-day critical vulnerability fix\u201d policies may become obsolete as AI capabilities advance, forcing defenders to dramatically accelerate their response times from weeks to minutes.<\/p>\n This development represents a significant shift in the cybersecurity landscape, where the automation of exploit development could fundamentally alter the balance between attackers and defenders in the ongoing cybersecurity arms race.<\/p>\n The post AI Systems Can Generate Working Exploits for Published CVEs in 10-15 Minutes<\/a> appeared first on Cyber Security News<\/a>.<\/p>\n<\/div>\nKey Takeaways<\/strong>
1. AI generates working CVE exploits in 10-15 minutes for $1 each.
2. Automated three-stage system analyzes CVEs, creates exploits, and validates results.
3. Defenders must now respond in minutes instead of weeks.<\/pre>\nAI-Powered Exploit Generation<\/strong><\/h2>\n
![\"Iterative](\"https:\/\/lh7-rt.googleusercontent.com\/docsz\/AD_4nXdE8tKKmHQRx8txl5IdSaEASzh16kN0g-qPRrRl6zut9EyXB0_-omlqvktTvLQgBC6aQfbX4c1psGWhIq28--v7cV31N7lwFVtutx44yVkWHGzWgSLboqkxxY8CAZRc5td1dE18?key=SpgOO4ia4UrtHwScJwpAiQ\")
![\"Exploit\"](\"https:\/\/lh7-rt.googleusercontent.com\/docsz\/AD_4nXePaKuTdH9Hn_mhx3Jis7l-uGKHe4WG1TRHkcG9_XxPcfUHIRyaXwRBDNdQg44ITxxvPyksFMoEnrdLoA8yTYAs2_8tkQ46aQiVOJlbg2dw50goAVOIfjVR_1VeCm5XOkovSFL8?key=SpgOO4ia4UrtHwScJwpAiQ\")
Safely detonate suspicious files to uncover threats, enrich your investigations, and cut incident response time.\u00a0Start with an\u00a0ANYRUN sandbox trial<\/a>\u00a0\u2192\u00a0<\/code><\/strong><\/p>\n