AI Agents Will Flood Infosec with Zero-Days
Frontier LLMs excel at vulnerability discovery by pattern-matching bug classes across codebases, letting simple scripts generate hundreds of validated high-severity findings. This ends the scarcity of elite attention and upends exploit economics.
LLMs Solve Exploitation's Core Search Problems
Vulnerabilities hide in obscure code paths like font rendering or Unicode shaping, not the obvious security-critical spots; finding them means tracing inputs through programs, pattern-matching known bug classes (stale pointers, type confusion, allocator grooming), and constraint-solving for reachability. LLMs arrive pre-trained with correlations across vast codebases (e.g., from Linux KVM to hrtimer) and with every documented bug class, making vulnerability research an ideal task for them: stochastic iteration yields deep coverage without boredom, and testable outcomes enable endless refinement. Traditional research was roughly 20% CS fundamentals and 80% jigsaw puzzles; LLMs are universal jigsaw solvers, and per Richard Sutton's Bitter Lesson, scale trumps domain expertise.
Human elites targeted high-value browsers via "weird machines," while unglamorous code (routers, printers) escaped both elite attention and fuzzers. AI drops the cost of elite attention to ε: no sleep, chemicals, or Zoomers needed; a hundred Claude instances can scan indefinitely at negligible cost.
Anthropic Red Team's 100% Success Pipeline
Nicholas Carlini scripts bash loops over repo files, prompting Claude: "Find exploitable vuln in ${FILE}, write ${FILE}.vuln.md." A second pass verifies each report: "Is this exploitable?" This yields ~500 validated high-severity vulns across browsers, web apps, and databases, including a Ghost CMS SQLi and a Rails YAML deserialization RCE (chaining HTTP params to object instantiation). No fancy tooling: stochastic sampling and file perturbation provide coverage, and the model goes straight from source to a printable exploit write-up. It works beyond memory corruption, too: latent knowledge of framework internals lets the model answer "can an anonymous user reach RCE?" directly.
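The two-pass loop above can be sketched in a few lines of bash. This is a minimal sketch under stated assumptions, not Carlini's actual script: it assumes a `claude` CLI that takes a prompt via `-p` and prints the model's answer to stdout (adapt the invocation to whatever model interface you have), and the prompts and file layout are illustrative.

```shell
#!/usr/bin/env bash
# Pass 1: ask the model to flag a vulnerability in every file in the repo,
# writing one report per file as ${FILE}.vuln.md.
scan_repo() {
  local repo="$1"
  find "$repo" -type f ! -name '*.vuln.md' | while read -r f; do
    claude -p "Find an exploitable vulnerability in ${f} and describe it." \
      > "${f}.vuln.md"
  done
}

# Pass 2: re-prompt the model on each report and discard false positives,
# keeping only reports the model confirms as exploitable.
verify_reports() {
  find "$1" -type f -name '*.vuln.md' | while read -r report; do
    verdict="$(claude -p "Is this vulnerability actually exploitable? Answer yes or no first. $(cat "$report")")"
    case "$verdict" in
      [Yy]es*) echo "VALIDATED: $report" ;;
      *)       rm -f "$report" ;;   # drop unconfirmed reports
    esac
  done
}
```

The verification pass is what separates this from slop: the same stochastic model that over-reports in pass 1 acts as its own filter in pass 2, leaving only findings it can defend.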
The approach skips code indexers and fuzzers entirely; a script written in fifteen minutes suffices. Model cards now benchmark vulnerability-discovery outcomes, and frontier labs' billions keep fueling the capability.
Post-Scarcity Vulnerabilities Overwhelm Defenses
Agents can aim everywhere at once: auto-updating giants (Chrome, iOS) will cope, but embedded systems in banks and hospitals require physical patching, so previously priced-in risks explode as ransomware jackpots multiply. Open source faces floods of verified sev:hi reports, not just slop. Layered defenses (sandboxes, hardened allocators) iterate on the same problems agents already solve, and agents chain complete exploits through them. Closed source crumbles even faster, since LLMs can reverse, decompile, and reason directly from assembly.
Regulation looms: amid AI/ransomware panic, policymakers may criminalize vulnerability disclosure, ignoring dual-use benefits and the fact that adversaries like China face no such restraint. Industry must defend the research as revealing true facts about computer systems. Humans retain an edge in undocumented techniques, but most real-world impact came from "boring" basics and luck; incentives will shift fast.