OpenAI's GPT-4 Is Capable of Autonomously Exploiting Zero-Day Vulnerabilities

According to a new study from four computer scientists at the University of Illinois Urbana-Champaign, OpenAI’s paid chatbot, GPT-4, is capable of autonomously exploiting zero-day vulnerabilities without any human assistance.

Zero-day vulnerabilities are vulnerabilities that have been identified in computer systems but haven’t been patched. They are a well-known way for cybercriminals to exploit systems.

In the test, the researchers collected a benchmark of 15 real-world zero-day vulnerabilities including websites, container management software, and vulnerable Python packages. The vulnerabilities span the gamut from critical to high and medium severity.

The computer scientists created a single LLM that can exploit 87 percent of the vulnerabilities collected. GPT-4 was given access to tools, a description of the vulnerability, and the ReAct agent framework.

Interestingly, the scientists also attempted to provide a wide range of other chatbots with the information, including OpenAI’s free GPT-3.5 and Meta’s Llama. But every other chatbot had a 0 percent success rate.

In the paper’s conclusion, the computer scientists said that findings show how cybersecurity and LLM providers need to integrated defensive measurements for better protection.

About the Author

Brent Dirks is senior editor for Security Today and Campus Security Today magazines.

Featured

  • It's Show Time

    I am one of those people that likes to see things get bigger and better. As advertised, ISC West is going to be bigger (more exhibitors) and better (more attendees). It’s show time in Las Vegas. Read Now

    • Industry Events
    • ISC West

  • SIA Releases New Report on Operational Security Technology

    The Security Industry Association (SIA) has released an impactful new resource – Operational Security Technology: Principles, Challenges and Achieving Mission-Critical Outcomes Leveraging OST. Read Now

  • Cyber Overconfidence Is Leaving Your Organization Vulnerable

    The increased sophistication of cyber threats pumped by the relentless use of AI and machine learning brings forth record-breaking statistics. Cyberattacks grew 44% YoY in 2024, with a weekly average of 1,673 cyberattacks per organization. While organizations up their security game to help thwart these attacks, a critical question remains: Can employees identify a threat when they come across one? A Confidence Gap survey reveals that 86% of employees feel confident in their ability to identify phishing attempts. But things are not as rosy as they appear; the more significant part of the report finds this confidence misplaced. Read Now

  • Mission 500 Debuts Refreshed Identity Ahead of Security 5K/2K at ISC West

    Mission 500, the security industry’s nonprofit charity dedicated to supporting children in need across the US, Canada, and Puerto Rico, has unveiled a refreshed brand identity ahead of ISC West. The charity’s new look includes a modernized logo with refined messaging to reinforce Mission 500’s nearly decade-long commitment to serving the needs of children and families in crisis. Read Now

    • Industry Events
Most   Popular

New Products

  • FEP GameChanger

    FEP GameChanger

    Paige Datacom Solutions Introduces Important and Innovative Cabling Products GameChanger Cable, a proven and patented solution that significantly exceeds the reach of traditional category cable will now have a FEP/FEP construction.

  • ComNet CNGE6FX2TX4PoE

    The ComNet cost-efficient CNGE6FX2TX4PoE is a six-port switch that offers four Gbps TX ports that support the IEEE802.3at standard and provide up to 30 watts of PoE to PDs. It also has a dedicated FX/TX combination port as well as a single FX SFP to act as an additional port or an uplink port, giving the user additional options in managing network traffic. The CNGE6FX2TX4PoE is designed for use in unconditioned environments and typically used in perimeter surveillance.

  • QCS7230 System-on-Chip (SoC)

    QCS7230 System-on-Chip (SoC)

    The latest Qualcomm® Vision Intelligence Platform offers next-generation smart camera IoT solutions to improve safety and security across enterprises, cities and spaces. The Vision Intelligence Platform was expanded in March 2022 with the introduction of the QCS7230 System-on-Chip (SoC), which delivers superior artificial intelligence (AI) inferencing at the edge.