Security firm automates zero-day discovery using AI code analysis
Intruder's vulnerability vending machine combines code slicing with large language models to find exploitable flaws without human analysts.
Intruder, a cybersecurity company, has developed an automated system that uses artificial intelligence to discover previously unknown software vulnerabilities. The system combines static code analysis techniques with large language models to identify and exploit zero-day flaws at scale.
The company demonstrated the capability by discovering and exploiting an unknown vulnerability in a WordPress plugin. The system operates by breaking code into analyzable segments, feeding them to LLMs trained on vulnerability patterns, and automatically generating proof-of-concept exploits. Intruder reports additional vulnerabilities have been found and are currently under responsible disclosure with affected vendors.
The approach marks a shift from traditional vulnerability research, which relies on human analysts to manually review code and identify flaws. By automating the discovery pipeline, the system can process far larger codebases and identify complex multi-step vulnerabilities that might escape manual review.
- 01Software vendors face compressed timelines between release and exploit availability.
- 02Security teams must assume faster weaponization of newly disclosed vulnerabilities.
- 03Offensive security capabilities become accessible to smaller, less-resourced threat actors.
- 04Responsible disclosure programs will face higher submission volumes and complexity.
Windows zero-day grants admin access on patched systems
Researcher releases LegacyHive exploit enabling privilege escalation on current Windows versions, no patch available.
Ransomware attack halts Coca-Cola's Fairlife dairy production nationwide
Coca-Cola disclosed that a cyberattack on its Fairlife subsidiary has suspended all US production of the premium dairy brand.
SonicWall warns of active exploits against two SMA 1000 zero-days
One vulnerability carries a maximum severity score and could allow unauthenticated attackers to execute arbitrary commands on enterprise VPN appliances.