SURPRISE: GPT-4 Can Exploit Unpatched Vulnerabilities

Who would have guessed?

Researchers at the University of Illinois Urbana-Champaign (UIUC) fed AI agents vague descriptions of more than a dozen unpatched vulnerabilities. The agent they created with GPT-4 exploited 87 percent of those vulnerabilities.

Fourteen other agents made with lesser tools like GPT 3.5 and Metasploit failed.

The researchers said that GPT-4 was better at creating exploits to the vulnerabilities than the other LLMs they tested.

Oh, yeah, it took them 91 lines of code.

While this is significantly better at hacking than what “script kiddies” can do today, give these models a few years and they will be on par with the best hackers.

This points out that finding a vulnerability is way harder than exploiting it.

The cost of creating the exploit – $8.80.

The takeaway here is that exploiting vulnerabilities is getting easier every day and that means that companies need to significantly improve their protections, detections and remediations over the next few years or hackers will own them if they want to.

Think about this. If you can exploit vulnerabilities for the same level of cost as you send out phishing emails, what does that mean for the future?

If this concerns you, please contact us.

Credit: Data Breach Today

by