Unlocking PoC Code in 15 Minutes: AI Supercharges Exploitation

An AI-powered offensive research system has created more than a dozen exploits for vulnerabilities, bringing down the time to develop to less than 15 minutes in many cases, highlighting the impact that full automation could have on enterprise defenders.

The system, created by a pair of Israeli cybersecurity researchers, uses prompts to a large language model (LLM), Common Vulnerabilities and Exposure (CVE) advisories, and patches pushed to open source repositories to generate proof-of-concept exploit code. The analysis pipeline uses Anthropic’s Claude-sonnet-4.0 model to analyze the advisories and code patches, create a vulnerable test application and exploit code, and then validates the results against vulnerable and patched versions of the target application.

The system, which took only a few weeks to build, created exploits for 14 different vulnerabilities in open source software packages — some in as little as 15 minutes. While the approach requires hands-on tweaking, it shows that LLMs can help would-be cyberattackers develop exploits quickly, says Nahman Khayet, one of two independent cybersecurity researchers working on the project.

Defenders will have to change their mindset to keep up with vulnerabilities that are easy to turnaround into exploits, he says.

Related:AI-Powered Ransomware Has Arrived With ‘PromptLock’

“Attackers may be doing this right now — or will do it in the near future — and the industry isn’t ready for it, because nobody is prepared for exploits [generated] at machine speed,” Khayet says. “Nobody believed that it’s possible that some vulnerabilities can be exploited in as little as five minutes.”

The project, which the researchers dubbed Auto Exploit, is not the first to use LLMs for automated vulnerability research and exploit development. NVIDIA, for example, created Agent Morpheus, a generative AI application that scans for vulnerabilities and create tickets for software developers to fix the issues. Google uses an LLM dubbed Big Sleep to find software flaws in open source projects and suggest fixes.

Other LLM-augmented tools give offensive researchers and cyberattackers the ability to bypass security software by creating code designed to evade security checks and antivirus scanners.

A Buck a Bug

The Auto Exploit program shows that the ongoing development of LLM-powered software analysis and exploit generation will lead to the regular creation of proof-of-concept code in hours, not months, weeks, or even days. The median time-to-exploitation of a vulnerability in 2024 was 192 days, according to data from VulnCheck.

Related:Citrix Gear Under Active Attack Again With Another Zero-Day

Of the vulnerabilities exploited in 2024, half were exploited within 192 days — a period expected to shrink as attackers increasingly use AI. Source: VulnCheck

In the latest project, the researchers used Anthropic’s Claude to generate code, but also played around with other major LLMs, including the recently released open source version of ChatGPT. The approach does not take long to start delivering dividends, says Khayet.

“We did it on our free time — no company, no money, no anything,” he says. “We paid a few hundred dollars for all the experiments, and at the end, it generates an exploit for about $1. So just think about the magnitude of that: Even a financial motivated hacker can extend this method to hundreds of vulnerabilities and maybe thousands of vulnerabilities, and I’m not even talking about nation-state actors and others.”

The low cost of generating exploits means that more far vulnerabilities could result in N-day exploits — industry parlance for exploits released in the days after a vulnerability is disclosed and patched. As a result, the degree to which vulnerable software is exposed to the Internet will likely be far higher predictor of potential cyberattacks than the difficulty of exploiting a specific vulnerability, the researchers say.

Easy to Jump Guardrails

LLM guardrails have done very little to prevent the exploitation research, because the so much of cybersecurity depends on intent. In an Aug. 27 analysis, Anthropic revealed that its Claude Code service had already been used to automate a digital-extortion campaign.

Related:ClickFix Attack Tricks AI Summaries Into Pushing Malware

Claude is not alone. Cybersecurity researchers and attackers have repeatedly bypassed guardrails put up to restrict the creation of malicious code or exploits in OpenAI’s ChatGPT and Google Gemini as well.

In the Auto Exploit research, bypassing guardrails initially took some time, but became increasingly easy, says Efi Weiss, the second half of the security duo.

“The first time we did encounter guardrails, it did tell us, ‘I don’t want to do that. It sounds malicious,'” he says. “But once you play around with it a bit … and tell it, ‘Now, just analyze it. Now, just try to build a working example,’ then, it doesn’t refuse, and you can start to go around those guardrails. We managed to pass them very quickly.”

Defenders Under Pressure

Overall, the fast pace of research and quick adoption of AI tools by threat actors means that defenders do not have much time, says Khayet. In 2024, nearly 40,000 vulnerabilities were reported, but only 768 — or less than 0.2% — were exploited. If AI-augmented exploitation becomes a reality, and vulnerabilities are not only exploited faster but more widely, defenders will truly be in trouble.

“We believe that exploits at machine speed demand defense at machine speed,” he says. “You have to be able to create some sort of a defense as early as 10 minutes after the CVE is released, and you have to expedite, as much as you can, the fixing of the actual library or the application.”

Unfortunately, after talking with security practitioners who typically have hundreds to thousands of open vulnerability findings in their systems, the researchers say that the industry is not ready for the shift to fast exploitation.

In addition, the ease of exploitability may become less of a factor for attackers, meaning that enterprise defenders should instead focus on what software can be accessed by attackers and not the exploitability of the vulnerability, an approach known as reachability analysis, says Khayet.

“You can deprioritize those that are not exposed, or that are less exposed,” he says. “But I do think that the whole idea of prioritization based on some calculation of exploitability is something that will not work anymore.”