Teams of bots powered by GPT-4 can scan websites for zero-day vulnerabilities and attack them with a success rate of 53%, researchers from the University of Illinois Urbana-Champaign have found.
Large language models (LLMs) can collaborate and work better than a single chatbot instance to exploit real-world vulnerabilities. The paper demonstrates an improvement of up to 4.5 times compared to a standalone AI agent.
Researchers have developed what they call “the first multi-agent system to successfully accomplish meaningful cybersecurity exploits.”
Dubbed HPTSA (Hierarchical Planning and Task-Specific Agents), the framework consisted of a Planner bot, a Manager bot, and task-specific AI-powered agents.
“To test our agent framework, we developed a benchmark of real-world zero-day vulnerabilities,” the paper explains. “We collected 15 web vulnerabilities. Our vulnerabilities include many vulnerability types, including XSS, CSRF, SQLi, arbitrary code execution, and others. They are all of the severity medium or higher (including high severity and critical vulnerabilities).”
Only vulnerabilities past the knowledge cutoff date of the GPT-4 base model were used, meaning that the LLM did not have prior knowledge about the vulnerabilities.
To ensure that real users were not harmed, the bots targeted reproducible open-source systems in a sandboxed environment.
The AI-agent cybergang achieved a 53% success rate after 5 attempts and 33% after one attempt. For comparison, open-source vulnerability scanners scored 0% in this benchmark.
Not only were the bots successful, but they were also cheaper than human labor.
“The average cost for a run was $4.39. With an overall success rate of 18%, the total cost would be $24.39 per successful exploit,” the researchers calculated.
“Using similar cost estimates for a cybersecurity expert ($50 per hour) as prior work and an estimated time of 1.5 hours to explore a website, we arrive at a cost of $75. Thus, our cost estimate for a human expert is higher, but not dramatically higher than using an AI agent.”
With AI costs continuing to fall, GPT-4 level agents may become three to six times cheaper in the next one to two years.
“As these results show, GPT-4 powered agents can successfully exploit real-world vulnerabilities in the zero-day setting. Our results resolve an open question in prior work, showing that a more complex agent setup (HPTSA) can exploit zero-day vulnerabilities effectively,” the paper concludes.
Researchers warn that cybersecurity activity, on both the offensive and defensive sides, will increase as blackhat actors can use AI agents for hacking, and penetration testers can employ AI systems to scale defenses.
There’s still plenty of room for improvement because the AI agents weren’t effective in all cases.