GPT-4 autonomously hacks zero-day security flaws with 53% success rate
newatlas | Contributed by: Drex DeFord
Summary
A recent pair of papers from the same research team points to significant advances in AI-driven cybersecurity exploits. In the first, the team demonstrated that GPT-4 could autonomously exploit 87% of the critical-severity vulnerabilities it was tested against from the Common Vulnerabilities and Exposures (CVE) list. In the follow-up paper, they showed that a Hierarchical Planning with Task-Specific Agents (HPTSA) method lets AI also target zero-day vulnerabilities, flaws with no published fix, far more effectively. Instead of relying on a single AI model, HPTSA employs a planning agent that coordinates multiple specialized subagents, akin to a project manager overseeing various specialists. This method proved 550% more efficient than a single Large Language Model (LLM) working alone, successfully hacking 8 of the 15 tested zero-day vulnerabilities versus only 3 for the solo LLM. The research raises concerns about potential misuse, though the authors note that standard GPT-4 in chatbot mode cannot autonomously exploit vulnerabilities and adheres to its ethical guidelines.
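To make the "project manager" analogy concrete, here is a minimal Python sketch of that coordination pattern: a planner that surveys a target and dispatches task-specific subagents. Every name here (PlanningAgent, SpecialistAgent, Task, the "sqli"/"xss" labels) is an illustrative assumption, not the paper's implementation; the real HPTSA agents wrap LLM calls and security tooling, which are stubbed out below.

```python
# Hypothetical sketch of a hierarchical-planning / task-specific-agent loop.
# The real system would back each agent with an LLM and real tooling; this
# stub only demonstrates the coordination structure described above.
from dataclasses import dataclass


@dataclass
class Task:
    """One unit of work the planner delegates to a specialist."""
    kind: str    # hypothetical vulnerability-class label, e.g. "sqli"
    target: str  # the endpoint under test


class SpecialistAgent:
    """A task-specific subagent focused on one vulnerability class."""

    def __init__(self, kind: str):
        self.kind = kind

    def attempt(self, task: Task) -> bool:
        # Placeholder: a real subagent would drive HTTP/browser tooling
        # via LLM-generated actions. Here we just log and report failure.
        print(f"[{self.kind}] probing {task.target}")
        return False


class PlanningAgent:
    """The coordinator: decides which vulnerability classes look plausible
    and dispatches the matching specialists, in the project-manager role."""

    def __init__(self, specialists: dict[str, SpecialistAgent]):
        self.specialists = specialists

    def plan(self, target: str) -> list[Task]:
        # Placeholder planning step: a real planner would use an LLM to
        # survey the target and emit a prioritized task list.
        return [Task(kind=k, target=target) for k in self.specialists]

    def run(self, target: str) -> bool:
        # Work through the plan until one specialist succeeds.
        return any(self.specialists[t.kind].attempt(t)
                   for t in self.plan(target))


if __name__ == "__main__":
    team = PlanningAgent({
        "sqli": SpecialistAgent("sqli"),
        "xss": SpecialistAgent("xss"),
    })
    team.run("http://testsite.example/login")
```

The design point the sketch captures is separation of concerns: the planner holds the big-picture search strategy, while each subagent only needs to be good at one narrow task, which is the division of labor credited for the efficiency gain over a single general-purpose LLM.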