A team of researchers has developed AI agents capable of autonomously hacking websites and exploiting real-world zero-day vulnerabilities.
These AI agents don’t need to be told about the specific vulnerability beforehand.
They can identify and exploit new, unknown vulnerabilities.
Artificial Intelligence (AI) has consistently pushed the boundaries of what technology can achieve, transforming industries and revolutionising the way we live and work. From enhancing medical diagnostics to advancing autonomous vehicles, AI’s potential seems limitless. However, as researchers continue to explore the capabilities of AI, new and sometimes unsettling applications are emerging. In a groundbreaking development, a team of researchers has now created AI agents that can autonomously hack websites and perform other complex tasks.
Also read: Understanding your dog’s bark might soon be possible with AI: Check details
A team from the University of Illinois has developed AI agents capable of autonomously hacking websites and exploiting real-world zero-day vulnerabilities—security flaws unknown even to the developers, reports MarkTechPost.
Also read: Digital Experience Assurance: AI that can predict & fix internet outages
Current AI hacking agents, like those using the ReAct method, struggle with complex, multi-stage attacks. Here’s why:
- Overwhelming Context: These agents have to keep track of extensive information like pages of code and numerous HTTP requests, which becomes unmanageable.
- Limited Flexibility: If the agent starts exploiting one vulnerability, like an XSS vulnerability, it has trouble switching to a different type of attack, such as SQL injection.
Researchers have confirmed these issues. If an AI agent begins down one path, it has a hard time changing course to try other vulnerabilities.
Using an advanced system called HPTSA (Hierarchical Planning and Task-Specific Agents), these AI agents work together like a well-oiled machine to probe websites, identify vulnerabilities, and execute hacks, the report said.
What’s impressive is that these agents don’t need to be told about the specific vulnerability beforehand. They can identify and exploit new, unknown vulnerabilities. Researchers tested HPTSA on 15 recent real-world vulnerabilities from major platforms like WordPress. The AI agents, unfamiliar with these vulnerabilities, managed to exploit 53% of them within just five attempts. In contrast, open-source security scanners failed to exploit any.
The researchers aim to use this to improve defence against AI-powered attacks.
Follow Us
Ayushi Jain
Tech news writer by day, BGMI player by night. Combining my passion for tech and gaming to bring you the latest in both worlds. View Full Profile
