Date: 2024-04-24
GPT-4 capable of autonomously exploiting vulnerabilities in real world systems through security advisories, says study

In a sandbox environment, GPT-4 was capable of autonomously exploiting 87% of real-world vulnerabilities, which would come out to 13 out of 15, by reading Common Vulnerabilities and Exposures (CVE) advisories.

GPT-4 can autonomously exploit real vulnerabilities in open source software by reading Common Vulnerabilities and Exposures (CVE) advisories, revealed a recently published research paper. “In this work, we show that LLM agents can autonomously exploit one-day vulnerabilities in real-world systems,” said the paper. “When given the CVE description, GPT-4 is capable of exploiting 87% of these vulnerabilities compared to 0% for every other model we test (GPT-3.5, open-source LLMs) and open-source vulnerability scanners (ZAP and Metasploit).”

The paper, which was published by four researchers at the University of Illinois Urbana-Champaign, involved creating a dataset of fifteen one-day vulnerabilities, that is, vulnerabilities which have been detected but not yet patched, including one termed ‘ACIDRain’, which was used to hack a cryptocurrency exchange in 2016 for $50 million in damages. The researchers built an LLM agent consisting of a base LLM (such as GPT-4), a prompt, an agent framework and tools: web browsing elements (retrieving HTML, clicking on elements, etc.), a terminal, web search results, file creation and editing, and a code interpreter. The agent totaled only 91 lines of code, showing the simplicity of the approach. The experiment was carried out in a sandbox environment which would prevent actual harm. Under these conditions, GPT-4 was capable of autonomously exploiting 87% of these vulnerabilities, which would come out to 13 out of 15. The agent failed on two vulnerabilities: Iris XSS, which is related to the Iris web app and, according to the paper, is extremely difficult for an LLM agent to navigate, and Hertzbeat RCE, the detailed description for which was in Chinese.

The researchers also tested other LLM models, such as GPT-3.5, OpenHermes-2.5-Mistral-7B, Llama-2 Chat (70B), LLaMA-2 Chat (13B), LLaMA-2 Chat (7B), Mixtral-8x7B Instruct, Mistral (7B) Instruct v0.2, Nous Hermes-2 Yi 34B, and OpenChat 3.5, all of which had a 0% success rate.

Interestingly, when the researchers removed the CVE descriptions, the success rate dropped to 7%, suggesting that finding vulnerabilities without an advisory was extremely difficult for the LLM. The researchers estimated the cost of conducting a successful LLM-based attack to be around $8.80 per exploit.

