- The paper introduces SN, a multi-agent LLM framework that achieves up to 4.5× performance improvement over single-agent approaches in exploiting zero-day vulnerabilities.
- It details a hierarchical planning agent, team manager, and task-specific agents that collectively identify and exploit various vulnerabilities including SQLi and XSS.
- Experimental results show SN outperforms traditional scanners, achieving a pass@1 of 33.3% and a pass@5 of 53% on a benchmark of 15 real-world zero-day vulnerabilities.
Teams of LLM Agents can Exploit Zero-Day Vulnerabilities
The paper "Teams of LLM Agents can Exploit Zero-Day Vulnerabilities" by Richard Fang, Rohan Bindu, Akul Gupta, Qiusi Zhan, and Daniel Kang from the University of Illinois Urbana-Champaign presents a novel approach to exploiting zero-day vulnerabilities using teams of LLM agents. This work extends previous research by demonstrating that more sophisticated, collaborative AI agents can effectively exploit real-world, zero-day vulnerabilities, an area where single-agent approaches have struggled.
Key Contributions
The primary contribution of this paper is the introduction of a multi-agent framework, named SN, which harnesses the collective capabilities of specialized and hierarchical planning agents to exploit zero-day vulnerabilities. The paper details several key components and methodologies:
- Hierarchical Planning Agent: This agent explores the system to identify potential vulnerabilities and designs strategic actions.
- Team Manager Agent: This supervises and coordinates task-specific agents to execute detailed exploitation strategies.
- Task-Specific Agents: These are specialized in particular types of vulnerabilities, such as SQL injection (SQLi), Cross-Site Scripting (XSS), and others.
The team evaluates SN on a newly constructed benchmark of 15 real-world vulnerabilities that are beyond the knowledge cutoff date of the LLM used (GPT-4). The evaluation demonstrates the efficacy of SN, showing an improvement of up to 4.5× over previous single-agent approaches.
Strong Numerical Results
The experimental results are notable:
- SN achieves a pass@1 of 33.3% and a pass@5 of 53%, showcasing a significant leap in the capability to exploit zero-day vulnerabilities.
- Compared to a single GPT-4 agent without vulnerability descriptions, SN improves performance by 4.5× on pass@1 and by 2.7× on pass@5.
- The comparative evaluation against open-source vulnerability scanners (ZAP and Metasploit) demonstrates that these traditional tools achieve 0% on the benchmark, indicating the superior performance of SN.
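To make the planner / team-manager / task-specific-agent hierarchy described under Key Contributions concrete, and to show how the pass@1 and pass@5 figures above are computed, the following Python is an added illustration and not code from the paper or its authors. Every name in it is constructed: the planner rules, the six-item benchmark (not the paper's 15 targets), and the stand-in "agents", which contain no exploitation logic at all and simply report success from a fixed attempt number onward, standing in for the stochastic success of a real LLM agent. The pass@k function is the unbiased estimator from Chen et al. (2021); whether the paper used exactly that protocol is not stated on this page and is assumed here. The single-agent baseline is modelled as "no manager, only the first planned class is tried", which is an assumption chosen to show where the hierarchy gains come from.

```python
"""Added illustration (not the paper's code): hierarchical dispatch loop over a
constructed benchmark, scored with the unbiased pass@k estimator."""
from dataclasses import dataclass
from math import comb
from typing import Callable, Optional


@dataclass
class Target:
    """Constructed benchmark item. `surface` is what the planner can observe;
    `solvable_from` maps a vulnerability class to the first attempt index on
    which the matching stand-in agent reports success (absent = never)."""
    name: str
    surface: tuple
    solvable_from: dict


# Hierarchical planning agent (constructed rules): observed surface -> ordered,
# de-duplicated list of vulnerability classes worth assigning to specialists.
PLANNER_RULES = {
    "login form": ["sqli", "xss"],
    "search box": ["xss", "sqli"],
    "profile page": ["xss", "csrf"],
    "file upload": ["upload"],
}


def plan(target: Target) -> list:
    ordered = []
    for hint in target.surface:
        for vuln_class in PLANNER_RULES.get(hint, []):
            if vuln_class not in ordered:
                ordered.append(vuln_class)
    return ordered


# Task-specific agents: stand-ins, one per class the team knows. A real agent
# would do the work here; these only consult the constructed success table.
def make_agent(vuln_class: str) -> Callable[[Target, int], bool]:
    def agent(target: Target, attempt: int) -> bool:
        first_ok = target.solvable_from.get(vuln_class)
        return first_ok is not None and attempt >= first_ok
    return agent


TEAM = {c: make_agent(c) for c in ("sqli", "xss", "csrf")}  # no "upload" specialist


# Team manager: walks the planner's list, hands each class to its specialist,
# and stops at the first reported success.
def team_run(target: Target, attempt: int) -> Optional[str]:
    for vuln_class in plan(target):
        agent = TEAM.get(vuln_class)
        if agent is not None and agent(target, attempt):
            return vuln_class
    return None


# Single-agent baseline (assumed model): no manager, only the first class tried.
def single_run(target: Target, attempt: int) -> Optional[str]:
    candidates = plan(target)
    if candidates and candidates[0] in TEAM and TEAM[candidates[0]](target, attempt):
        return candidates[0]
    return None


def pass_at_k(n: int, c: int, k: int) -> float:
    """Chen et al. (2021) estimator: P(at least one success among k samples
    drawn without replacement from n attempts containing c successes)."""
    if n - c < k:
        return 1.0
    return 1.0 - comb(n - c, k) / comb(n, k)


def evaluate(runner, benchmark, n_attempts: int = 5, k: int = 1) -> float:
    """Mean pass@k over the benchmark, running each target n_attempts times."""
    scores = []
    for target in benchmark:
        successes = sum(runner(target, a) is not None for a in range(1, n_attempts + 1))
        scores.append(pass_at_k(n_attempts, successes, k))
    return sum(scores) / len(scores)


BENCHMARK = [  # constructed targets; success indices are arbitrary choices
    Target("app-a", ("login form",), {"sqli": 1}),
    Target("app-b", ("search box",), {"xss": 3}),
    Target("app-c", ("profile page",), {"csrf": 2}),
    Target("app-d", ("login form", "profile page"), {"xss": 4}),
    Target("app-e", ("file upload",), {"upload": 1}),
    Target("app-f", ("search box",), {}),
]


def report(benchmark=BENCHMARK) -> dict:
    """pass@1 / pass@5 for team and baseline plus the improvement ratios."""
    out = {}
    for label, runner in (("team", team_run), ("single", single_run)):
        for k in (1, 5):
            out[f"{label}_pass@{k}"] = evaluate(runner, benchmark, 5, k)
    for k in (1, 5):
        out[f"pass@{k}_ratio"] = out[f"team_pass@{k}"] / out[f"single_pass@{k}"]
    return out


if __name__ == "__main__":
    for key, value in report().items():
        print(f"{key:14s} {value:.3f}")
```

Two things the run makes visible that the headline numbers do not: pass@5 rewards any success across retries, so a specialist that only succeeds late still counts, and the team's gain over the baseline comes entirely from the manager trying classes beyond the planner's first guess (app-c and app-d), while a class with no registered specialist (app-e) is a zero for both, which is the coverage gap the "Diversified Vulnerability Types" direction below points at.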
Implications and Future Directions
The implications of this research are profound for both offensive and defensive cybersecurity. On the offensive side, black-hat actors could potentially leverage similar multi-agent frameworks to exploit zero-day vulnerabilities more efficiently. Conversely, defenders, including penetration testers, can utilize such advanced AI agents to enhance the frequency and thoroughness of security assessments.
This work suggests a shift in how cybersecurity operations might evolve with the integration of multi-agent AI systems. Practically, organizations might adopt these systems to automate and enhance their security posture. Theoretically, it opens avenues for exploring even more complex, cooperative AI frameworks that can handle a wider range of cybersecurity tasks.
Future research could investigate several extensions of this work:
- Diversified Vulnerability Types: Expanding the types of vulnerabilities and environments beyond web-based systems to evaluate the generality of SN's approach.
- Cost-Reduction Strategies: Exploring ways to lower the computational and financial costs associated with deploying such multi-agent systems.
- Defense Mechanisms: Developing robust defenses against AI agents designed to exploit vulnerabilities, which remains an underexplored aspect of cybersecurity.
Limitations
The research is limited by its focus on web-based vulnerabilities and reproducible open-source benchmarks. This narrow scope may not fully capture the complexity and diversity of real-world environments. Additionally, while the results are promising, the practical deployment of such systems raises ethical considerations and necessitates stringent control measures to prevent misuse.
Conclusion
In summary, the paper "Teams of LLM Agents can Exploit Zero-Day Vulnerabilities" makes a significant contribution to the field of AI-driven cybersecurity by demonstrating that collaborative, specialized AI agents can effectively exploit complex zero-day vulnerabilities. This work bridges a critical gap in the current capabilities of AI agents and sets the stage for future developments in both offensive and defensive cybersecurity strategies.