Teams of LLM Agents can Exploit Zero-Day Vulnerabilities

Yuxuan Zhu, Antony Kellermann, Akul Gupta, Philip Li, Richard Fang, Rohan Bindu, Daniel Kang

TL;DR

This work demonstrates that teams of LLM agents can autonomously exploit real-world zero-day web vulnerabilities using a hierarchical planning framework (HPTSA) that couples a planner, a team manager, and task-specific experts. Through a 14-vulnerability benchmark, HPTSA significantly outperforms baseline scanners and unguided agents, approaching the performance of a fully informed GPT-4 agent while highlighting the necessity of task-specific agents, documents, and hierarchical structure. The results illuminate both the potential for AI-driven offensive cybersecurity and the urgent need for defense-oriented, ethical deployment considerations as AI capabilities mature. The study also provides a cost framework and empirical ablations to guide future improvements in multi-agent cyberattack research.

Abstract

LLM agents have become increasingly sophisticated, especially in the realm of cybersecurity. Researchers have shown that LLM agents can exploit real-world vulnerabilities when given a description of the vulnerability, and can solve toy capture-the-flag problems. However, these agents still perform poorly on real-world vulnerabilities that are unknown to the agent ahead of time (zero-day vulnerabilities). In this work, we show that teams of LLM agents can exploit real-world, zero-day vulnerabilities. Prior agents struggle with exploring many different vulnerabilities and with long-range planning when used alone. To resolve this, we introduce HPTSA, a system of agents with a planning agent that can launch subagents. The planning agent explores the system and determines which subagents to call, resolving long-term planning issues when trying different vulnerabilities. We construct a benchmark of 14 real-world vulnerabilities and show that our team of agents improves over prior agent frameworks by up to 4.3X.

Paper Structure (20 sections, 4 figures, 3 tables)

This paper contains 20 sections, 4 figures, 3 tables.

Figures (4)

  • Figure 1: Overall architecture diagram of HPTSA. We have other task-specific, expert agents beyond the ones in the diagram.
  • Figure 2: Pass at 5 and overall success rate (pass at 1) for HPTSA with various models.
  • Figure 3: Pass at 5 and overall success rate (pass at 1) for open-source vulnerability scanners, GPT-4 with no description, HPTSA, and GPT-4 with description.
  • Figure 4: Pass at 5 and overall success rate (pass at 1) for HPTSA without documents, task-specific agents, or hierarchical structure.