Recent research shows that AI systems can now handle complex exploit development tasks that used to need specialized human skills. Security researcher Sean Heelan tested AI agents based on Anthropic’s Opus 4.5 and OpenAI’s GPT-5.2 against a new vulnerability in the QuickJS JavaScript interpreter.
The agents had to create exploits while facing realistic challenges like modern security measures, unknown heap conditions, and restrictions on hardcoded memory addresses.
In six scenarios focused on tasks like spawning shells, writing files, and creating command-and-control connections, the agents produced over 40 unique exploits. GPT-5.2 successfully handled all scenarios, while Opus 4.5 solved all except two.
Agents showcased advanced skills by turning raw vulnerabilities into a working API to read and modify the memory of a target process. The AI systems analyzed source code, debugged, and learned through trial and error without human help.
Most challenges were resolved in less than an hour and at low cost: a typical successful agent run with Opus 4.5 used about 30 million tokens, for approximately $30 USD.
Modern Security Protections:
The toughest scenario tested GPT-5.2’s ability to write a specific string to disk while multiple enterprise-level protections were active, including address space layout randomization, non-executable memory regions, full RELRO linking protections, fine-grained control-flow integrity, hardware-enforced shadow stacks, and a seccomp sandbox preventing shell execution.
An AI agent created a new solution that used seven function calls with glibc’s exit handler to overcome defenses. Developing this exploit took 50 million tokens over three hours, costing about $50 for that agent run.
The researcher highlighted two key limitations of the experiments. First, QuickJS, although a valid JavaScript interpreter, is much simpler than browser engines like Chrome’s V8 or Firefox’s SpiderMonkey.
Second, the exploits used existing security gaps and flaws instead of introducing new bypass methods, similar to what human developers do in real situations. The exploit chains themselves, however, were newly designed to target a previously unknown vulnerability.
Implications:
The research suggests the cybersecurity industry should prepare for the “industrialization” of offensive operations, where an organization’s hacking capabilities become limited by computational token throughput rather than skilled personnel availability.
Heelan believes that exploit development is a perfect fit for AI automation because the task offers clear verification methods, defined tools, and specific areas for agents to explore.
The experimental code, technical documentation, and raw agent outputs are available on GitHub for verification and reproduction.
The researcher urges the security community to test AI capabilities in real-world scenarios using zero-day vulnerabilities instead of just relying on capture-the-flag competitions or synthetic datasets.
InfoSecBulletin Cybersecurity for mankind
