
Teams of AI chatbots can hack websites

Published on 10 June 2024


Creating new Zero-days

Security boffins have hacked into more than half of their test websites using self-coordinating teams of GPT-4 bots that could create new bots as needed.

This was achieved by exploiting 'zero-day' vulnerabilities that had not been identified before.

Earlier, researchers Richard Fang, Rohan Bindu, Akul Gupta and Daniel Kang made a startling revelation: GPT-4 bots could autonomously discover and exploit known security flaws, also known as one-day or N-day vulnerabilities. This means that even issues that are known but not yet fixed are not safe from their reach. When given the Common Vulnerabilities and Exposures (CVE) list, GPT-4 was able to exploit a staggering 87 per cent of the critical-severity CVEs on its own.

More recently, the same researchers have reported that they can now exploit unknown vulnerabilities, called zero-day vulnerabilities, using a team of self-replicating Large Language Model (LLM) agents. They used a method called Hierarchical Planning with Task-Specific Agents (HPTSA).

Instead of one LLM agent tackling many complex tasks, HPTSA employs a "planning agent" to oversee the process and initiate multiple "subagents," each with a specific task. Like a manager and their team, the planning agent coordinates the entire operation, assigning tasks to each "expert subagent" to reduce the burden on any single agent.

This approach is akin to the one used by Cognition Labs with its Devin AI software development team. They plan a project, determine the necessary specialists, and then manage the project to completion while creating specialist 'employees' to handle specific tasks as needed.

In tests against 15 real-world web vulnerabilities, HPTSA proved 550 per cent more effective than a single LLM at finding and exploiting vulnerabilities, successfully hacking 8 out of 15 zero-day vulnerabilities. In contrast, a solo LLM agent could only hack 3 out of the 15 vulnerabilities.

Concerns exist that such models could be used for malicious attacks on websites and networks. Daniel Kang, one of the researchers and the author of the white paper, pointed out that GPT-4, in chatbot mode, is "insufficient for understanding LLM capabilities" and cannot hack on its own.

When asked if it could exploit zero-days, ChatGPT responded, "No, I am not capable of exploiting zero-day vulnerabilities. My purpose is to provide information and assistance within ethical and legal boundaries," and recommended consulting a cybersecurity professional.

Last modified on 10 June 2024