OpenAI's GPT-4 Is Capable of Autonomously Exploiting Zero-Day Vulnerabilities -- Security Today

OpenAI's GPT-4 Is Capable of Autonomously Exploiting Zero-Day Vulnerabilities

By Brent Dirks
Apr 23, 2024

According to a new study from four computer scientists at the University of Illinois Urbana-Champaign, OpenAI’s paid chatbot, GPT-4, is capable of autonomously exploiting zero-day vulnerabilities without any human assistance.

Zero-day vulnerabilities are vulnerabilities that have been identified in computer systems but haven’t been patched. They are a well-known way for cybercriminals to exploit systems.

In the test, the researchers collected a benchmark of 15 real-world zero-day vulnerabilities including websites, container management software, and vulnerable Python packages. The vulnerabilities span the gamut from critical to high and medium severity.

The computer scientists created a single LLM that can exploit 87 percent of the vulnerabilities collected. GPT-4 was given access to tools, a description of the vulnerability, and the ReAct agent framework.

Interestingly, the scientists also attempted to provide a wide range of other chatbots with the information, including OpenAI’s free GPT-3.5 and Meta’s Llama. But every other chatbot had a 0 percent success rate.

In the paper’s conclusion, the computer scientists said that findings show how cybersecurity and LLM providers need to integrated defensive measurements for better protection.

About the Author

Brent Dirks is senior editor for Security Today and Campus Security Today magazines.

Featured

UL Solutions Launches Artificial Intelligence Safety Certification Services

UL Solutions Inc., a global leader in safety science, today announced the launch of artificial intelligence (AI) safety certification services, enabling comprehensive assessments for evaluating the safety of AI-powered products. Read Now
- Artificial Intelligence
Ransomware Attacks Rise for the First Time in Six Months

Ransomware attacks have risen for the first time in six months, increasing by 28% month-on-month to 421 attacks. While overall attack volume remained below 500, the uptick may signal a renewed escalation heading into the year’s most active period for cyber criminals. Read Now
- Cybersecurity
Report: 47 Percent of Security Service Providers Are Not Yet Using AI or Automation Tools

Trackforce, a provider of security workforce management platforms, today announced the launch of its 2025 Physical Security Operations Benchmark Report, an industry-first study that benchmarks both private security service providers and corporate security teams side by side. Based on a survey of over 300 security professionals across the globe, the report provides a comprehensive look at the state of physical security operations. Read Now
- Guard Services
Identity Governance at the Crossroads of Complexity and Scale

Modern enterprises are grappling with an increasing number of identities, both human and machine, across an ever-growing number of systems. They must also deal with increased operational demands, including faster onboarding, more scalable models, and tighter security enforcement. Navigating these ever-growing challenges with speed and accuracy requires a new approach to identity governance that is built for the future enterprise. Read Now
- Cybersecurity
Eagle Eye Networks Launches AI Camera Gun Detection

Eagle Eye Networks, a provider of cloud video surveillance, recently introduced Eagle Eye Gun Detection, a new layer of protection for schools and businesses that works with existing security cameras and infrastructure. Eagle Eye Networks is the first to build gun detection into its platform. Read Now
- Active Shooter

Security Today eNews

Sign up today for essential industry news and product information that can help you stay afloat in the fast-paced world of security.

Email Address*Country*

Please type the letters/numbers you see above.

Webinars

Whitepapers

New Products

Automatic Systems V07

Automatic Systems, an industry-leading manufacturer of pedestrian and vehicle secure entrance control access systems, is pleased to announce the release of its groundbreaking V07 software. The V07 software update is designed specifically to address cybersecurity concerns and will ensure the integrity and confidentiality of Automatic Systems applications. With the new V07 software, updates will be delivered by means of an encrypted file.
Mobile Safe Shield

SafeWood Designs, Inc., a manufacturer of patented bullet resistant products, is excited to announce the launch of the Mobile Safe Shield. The Mobile Safe Shield is a moveable bullet resistant shield that provides protection in the event of an assailant and supplies cover in the event of an active shooter. With a heavy-duty steel frame, quality castor wheels, and bullet resistant core, the Mobile Safe Shield is a perfect addition to any guard station, security desks, courthouses, police stations, schools, office spaces and more. The Mobile Safe Shield is incredibly customizable. Bullet resistant materials are available in UL 752 Levels 1 through 8 and include glass, white board, tack board, veneer, and plastic laminate. Flexibility in bullet resistant materials allows for the Mobile Safe Shield to blend more with current interior décor for a seamless design aesthetic. Optional custom paint colors are also available for the steel frame.
Luma x20

Snap One has announced its popular Luma x20 family of surveillance products now offers even greater security and privacy for home and business owners across the globe by giving them full control over integrators’ system access to view live and recorded video. According to Snap One Product Manager Derek Webb, the new “customer handoff” feature provides enhanced user control after initial installation, allowing the owners to have total privacy while also making it easy to reinstate integrator access when maintenance or assistance is required. This new feature is now available to all Luma x20 users globally. “The Luma x20 family of surveillance solutions provides excellent image and audio capture, and with the new customer handoff feature, it now offers absolute privacy for camera feeds and recordings,” Webb said. “With notifications and integrator access controlled through the powerful OvrC remote system management platform, it’s easy for integrators to give their clients full control of their footage and then to get temporary access from the client for any troubleshooting needs.”