Security News > 2024 > April > OpenAI’s GPT-4 Can Autonomously Exploit 87% of One-Day Vulnerabilities, Study Finds

OpenAI’s GPT-4 Can Autonomously Exploit 87% of One-Day Vulnerabilities, Study Finds
2024-04-26 00:40

The GPT-4 large language model from OpenAI can exploit real-world vulnerabilities without human intervention, a new study by University of Illinois Urbana-Champaign researchers has found.

How successful is GPT-4 at autonomously detecting and exploiting vulnerabilities? GPT-4 can autonomously exploit one-day vulnerabilities.

The GPT-4 agent was able to autonomously exploit web and non-web one-day vulnerabilities, even those that were published on the Common Vulnerabilities and Exposures database after the model's knowledge cutoff date of November 26, 2023, demonstrating its impressive capabilities.

GPT-4 cannot autonomously exploit zero-day vulnerabilities.

The base language model could be alternated between GPT-4 and these other open-source LLMs:. The agent was equipped with the tools necessary to autonomously exploit vulnerabilities in target systems, like web browsing elements, a terminal, web search results, file creation and editing capabilities and a code interpreter.

The researchers wanted to compare their effectiveness in identifying and exploiting vulnerabilities to LLMs. Ultimately, it was found that only an LLM agent based on GPT-4 could find and exploit one-day vulnerabilities - i.e., when it had access to their CVE descriptions.


News URL

https://www.techrepublic.com/article/openai-gpt4-exploit-vulnerabilities/