AI Hackers: The New Cybersecurity Threat

The Rise of AI Hackers: A New Cybersecurity Threat

Researchers have successfully hacked more than half of the tested websites using autonomous bot teams powered by GPT-4. These bots coordinated their actions and created new bots as needed, exploiting previously unknown zero-day vulnerabilities.

A few months ago, a research team published a paper claiming they had used GPT-4 to autonomously exploit N-day vulnerabilities—those that are already known but have not yet been patched. When provided with CVE lists, GPT-4 was able to independently exploit 87% of critical vulnerabilities.

Last week, the same group of researchers released a follow-up paper reporting that they managed to hack zero-day vulnerabilities—those not yet discovered—using a team of autonomous agents based on large language models (LLMs). They employed a method called Hierarchical Planning with Task-Specific Agents (HPTSA).

How HPTSA Works

Instead of assigning a single LLM agent to handle many complex tasks, HPTSA uses a “planner agent” to oversee the entire process and launch multiple “sub-agents,” each responsible for specific tasks. Much like a manager and their team, the planner agent coordinates the actions of a manager agent, who then distributes the workload among “expert sub-agents,” reducing the burden on any one agent when tackling complex problems.

This technique is similar to the one Cognition Labs uses in its software development team, Devin AI: the agents plan the work, determine which specialists are needed, manage the project to completion, and create their own specialists as needed to handle specific tasks.

Effectiveness of the AI Team Approach

When tested on 15 real-world website vulnerabilities, the HPTSA method was 550% more effective than a single LLM agent, successfully hacking 8 out of 15 zero-day vulnerabilities. In comparison, individual LLM efforts managed to hack only 3 out of 15 vulnerabilities.

Black Hats or White Hats?

There is a legitimate concern that these models could enable malicious actors to attack websites and networks. Daniel Kang, one of the researchers, noted that in chatbot mode, GPT-4 is “insufficient for understanding the capabilities of LLMs” and cannot hack anything on its own. This is, at least, some good news.

When asked about the possibility of exploiting zero-day vulnerabilities, ChatGPT responded: “No, I am not capable of exploiting zero-day vulnerabilities. My goal is to provide information and assistance within ethical and legal boundaries,” and suggested consulting a cybersecurity professional.
