AI Models Replicate Zero-Day Discovery in Cybersecurity Research
Severity: Low (Score: 39.7)
Sources: Risky.Biz, www.provos.org
Summary
Niels Provos demonstrated that older AI models can autonomously discover zero-day vulnerabilities using his IronCurtain orchestration framework. This research challenges the notion that only advanced models like Anthropic's Mythos can find such vulnerabilities. Provos successfully replicated findings from recent high-profile reports, including a 27-year-old vulnerability in the OpenBSD TCP SACK implementation, which he originally authored. His workflows utilized commercial models such as Opus and Sonnet, as well as open-weight models like Z.AI's GLM 5.1. The orchestration framework allows for structured vulnerability discovery without relying solely on the models' capabilities. The cost of investigations ranged from $30 to $150 per run, depending on the model used. This research opens new avenues for vulnerability discovery beyond proprietary systems.
Key Points
- Niels Provos replicated zero-day discoveries using older AI models, challenging current narratives.
- The IronCurtain framework enables structured vulnerability discovery without advanced models.
- Investigations using commercial models cost between $30 and $150, making it accessible.
Key Entities
- Zero-day Exploit (attack_type)
- CWE-125 - Out-of-bounds Read (cwe)
- CWE-190 - Integer Overflow or Wraparound (cwe)
- CWE-787 - Out-of-bounds Write (cwe)
- OpenBSD (platform)
- QEMU (platform)
- Fuzzer (tool)
- IronCurtain (tool)
- OpenBSD TCP SACK Implementation Flaw (vulnerability)