New research:

LLM Agents can Autonomously Hack Websites

Abstract: In recent years, large language models (LLMs) have become increasingly capable and can now interact with tools (i.e., call functions), read documents, and recursively call themselves. As a result, these LLMs can now function autonomously as agents. With the rise in capabilities of these agents, recent work has speculated on how LLM agents would affect cybersecurity. However, not much is known about the offensive capabilities of LLM agents.

In this work, we show that LLM agents can autonomously hack websites, performing tasks as complex as blind database schema extraction and SQL injections without human feedback. Importantly, the agent does not need to know the vulnerability beforehand. This capability is uniquely enabled by frontier models that are highly capable of tool use and leveraging extended context. Namely, we show that GPT-4 is capable of such hacks, but existing open-source models are not. Finally, we show that GPT-4 is capable of autonomously finding vulnerabilities in websites in the wild. Our findings raise questions about the widespread deployment of LLMs.

Leave a Reply

Your email address will not be published. Required fields are marked *

Explore More

Commerce Dept. to look at privacy, cyber risks from Chinese-sourced connected vehicle equipment

February 29, 2024 0 Comments 0 tags

The Department of Commerce is investigating the potential national security risks of connected vehicles and associated technologies that are sourced from China or other U.S. adversaries — before they become

Fifth of British Kids Have Broken the Law Online

February 19, 2024 0 Comments 0 tags

A new National Crime Agency study reveals 20% of 10- to 16-year-olds have violated the Computer Misuse Act

SMBs at Risk From SendGrid-Focused Phishing Tactics

February 22, 2024 0 Comments 0 tags

Kaspersky explained the fraudulent emails prompted recipients to enable two-factor authentication