The future of penetration testing and vulnerability hunting will most likely not be with AI, but rather AIs – as in multiples, security experts have warned.
Researchers from the University of Illinois Urbana-Champaign (UIUC) found a group of Large Language Models (LLMs ) outperformed single AI use, and significantly outperformed the ZAP and MetaSploit software.
“Although single AI agents are incredibly powerful, they are limited by existing LLM capabilities. For example, if an AI agent goes down one path (e.g., attempting to exploit an XSS), it is difficult for the agent to backtrack and attempt to exploit another vulnerability,” noted researcher Daniel Kang, “Furthermore, LLMs perform best when focusing on a single task.”
Effective system
The shortcoming of AI hunting for vulnerabilities is, at the same time, its biggest strength – once it goes down one route, it cannot backtrack and take a different route. It also performs best when it focuses on a single task.
Hence, the group designed a system called Hierarchical Planning and Task-Specific Agents (HPTSA), which consists of a Planner, a Manager, and multiple agents. In this system, a planner surveys the app (or website) to try and determine which exploits to explore, and then assigns them to a manager. The manager then delegates different avenues to different agent LLMs.
While the system might sound complex, in practice it has proven to be quite effective. Out of 15 vulnerabilities tested in the experiment, the HPTSA exploited 8 of them. A single GPT-4 agent exploited just 3, which means that HPTSA was more than twice as effective. In comparison, ZAP and MetaSploit software couldn’t exploit a single vulnerability.
There was one instance in which a single GPT-4 agent performed better than HPTSA, and that was when it was given a description of the vulnerability in the prompt. That way, it managed to exploit 11 out of 15 vulnerabilities. However, this requires the researcher to carefully craft the prompt, which many people might not be able to mimic.
The prompts used in this experiment will not be shared publicly, and will only be given to other researchers upon request, it was said.
Via Tom’s Hardware
More from TechRadar Pro
