Revolutionizing Cybersecurity: How AI Accelerates Exploit Development and Shrinks Defense Timelines
Image: ImageFX/Joseph Merton


1. Introduction: The Shifting Dynamics of Vulnerability Exploitation

The cybersecurity industry faces relentless pressure, defined by a continuous race between identifying and patching vulnerabilities and exploiting them. The phrase "Patch Tuesday, Exploit Wednesday" captures this dynamic, referring to the rapid weaponization of vulnerabilities soon after vendors release security patches [1]. Historically, developing reliable exploits for complex memory corruption vulnerabilities in modern operating systems required significant time, resources, and expertise in reverse engineering and vulnerability analysis [1]. This complexity provided defenders with a shrinking but critical window to test and deploy patches before widespread exploitation.

The advent of Artificial Intelligence (AI), particularly Large Language Models (LLMs), introduces a disruptive element to this dynamic. LLMs are advanced AI systems trained on vast datasets of text and code, offering remarkable capabilities in natural language understanding, code analysis, and code generation [3]. This week’s newsletter explores the premise that LLMs can significantly accelerate key stages of the exploit development process, particularly for publicly disclosed vulnerabilities, also known as "one-day" or "N-day" exploits [5]. This acceleration challenges traditional defense timelines, further reducing the already limited window for patch deployment. Cutting-edge models, combined with simple agent frameworks, suggest that exploit development tasks previously requiring specialized skills may become more accessible. This shift has the potential to expand the pool of actors capable of quickly weaponizing newly disclosed vulnerabilities [5]. This newsletter provides a detailed examination of this evolving threat.

2. Understanding the Building Blocks

To fully grasp how AI accelerates exploit development, it is essential to understand the core technologies and processes involved: the capabilities of LLMs in handling code and technical information, and the established methodology attackers use to turn patches into exploits.

2.1. Large Language Models: Capabilities in Code Comprehension and Generation

Large Language Models (LLMs) are advanced AI systems built on transformer architectures with self-attention mechanisms. They are trained on extensive datasets, including internet text, books, and code repositories like GitHub and Stack Overflow [3]. This training equips them with robust capabilities to process, understand, and generate human-like text and functional computer code [3]. Their integration into software development workflows, such as PyCharm and VSCode, is increasingly common, enhancing developer efficiency through code assistance and analysis [11].

LLMs excel in source code analysis, enabling them to identify patterns, understand structure and functionality, and extract semantic relationships within complex codebases [10]. These abilities support applications like generating code summaries, explaining functionality in natural language, identifying bugs, and optimizing code [3]. Research highlights their role in helping developers understand code behavior and logic, facilitating maintenance and enhancements [10]. Studies on conversational interfaces within IDEs reveal varying effectiveness for code comprehension, depending on user experience and learning style [10].

Beyond analysis, LLMs are proficient in code generation. They can produce executable code in various programming languages based on natural language prompts or contextual information from existing code [3]. Tasks include completing code snippets, translating code between languages, and generating entire functions or modules [11]. This process involves interpreting prompts, retrieving relevant code patterns, assembling and refining fragments, and delivering output code [11]. Additionally, their natural language processing capabilities enable them to parse technical documents such as software manuals, API specifications, patch notes, and CVE descriptions [3]. This ability to extract critical information about software changes and vulnerabilities plays a vital role in exploit development [5].

2.2. The Anatomy of Exploit Development from Patches

Exploit development involves identifying and exploiting software vulnerabilities to achieve unintended behaviors, such as unauthorized access or arbitrary code execution. Following the release of security patches, attackers or researchers often reverse engineer the patch to develop exploits before defenders can widely deploy the fix [1]. This process typically includes three key stages:

  1. Patch Differential Analysis (Patch Diffing): This step compares the binary code of the unpatched and patched software versions to identify modifications made by the vendor [1]. Tools like Ghidra, BinDiff, and Binary Ninja assist in highlighting changes in functions or code blocks [1]. Identifying these differences helps locate the code adjusted to fix the vulnerability, revealing the likely site of the issue and focusing subsequent analysis [1].

  2. Reverse Engineering (RE): After locating the patch-adjusted code, deeper analysis is performed to understand the surrounding program logic, relevant data structures, and conditions required to trigger the vulnerability [1]. RE employs static analysis (e.g., disassembly) and dynamic analysis (e.g., code execution observation with tools like WinDbg or Frida) [1]. The objective is to map the control flow to the vulnerable code path and identify inputs or states required to exploit it. This stage often classifies the vulnerability, such as memory corruption (e.g., use-after-free, heap overflow, buffer overflow) or logic flaws [2].

  3. Proof-of-Concept (PoC) Development: Using insights gained during RE, a PoC exploit is crafted to reliably trigger the vulnerability [1]. A PoC might crash an application, leak sensitive data, or divert execution flow [22]. Publicly available code and AI tools can expedite the creation of PoC exploits [22]. This stage races against defenders' efforts to deploy patches [1].

LLMs have demonstrated significant potential in accelerating this process. Their capabilities align with key tasks in exploit development, including recognizing patterns for patch diffing, logical deduction for reverse engineering, and code generation for PoC development [3]. Additionally, their proficiency in processing natural language artifacts like release notes and CVE descriptions enhances their ability to extract and apply contextual information about patches [1][3]. This synergy allows LLMs to interpret patch intent quickly, providing valuable guidance for subsequent technical analysis.

3. AI as an Accelerator

The capabilities of LLMs in code and language understanding position them as powerful tools capable of accelerating multiple stages of the exploit development lifecycle, particularly when targeting known vulnerabilities revealed by patches. This section explores how LLMs assist in this process and reviews documented evidence of their effectiveness.

3.1. LLM-Driven Acceleration of Patch Analysis and Exploit Crafting

LLMs significantly accelerate the initial analysis of software patches by processing patch diff outputs alongside natural language artifacts such as commit messages, release notes, and CVE descriptions. This enables LLMs to quickly identify security-relevant code changes and assist analysts in understanding the nature of the addressed vulnerability [5]. They also support root cause analysis, helping to determine how a vulnerability could be exploited [1]. Security firms already leverage LLMs to analyze public code changes and documentation to identify "silent patches"—undisclosed security fixes by vendors—demonstrating their utility in parsing and interpreting patch-related data [19].

Although fully autonomous reverse engineering (RE) remains challenging, LLMs provide valuable assistance during the RE process. They simplify complex or unfamiliar code sections, suggest execution paths leading to vulnerable functions, and propose inputs that may trigger specific conditions required to exploit vulnerabilities [3]. This reduces the manual effort involved in program analysis, enabling analysts to focus on the intricate aspects of vulnerability exploration.

One of the most impactful contributions of LLMs lies in generating initial exploit code. After identifying the vulnerability's type, location, and trigger conditions—often through LLM-enabled analysis of patches and CVE descriptions—LLMs can generate boilerplate code or functional proof-of-concept (PoC) scripts [5]. These scripts, written in languages like Python or C, can interact with target applications to exploit identified flaws. This capability significantly shortens the timeline to move from understanding a vulnerability to creating a working PoC, reducing the process from days or weeks to mere hours [20]. The same acceleration appears in integrated LLM-based systems and agents designed to automate vulnerability management, which combine capabilities like code interpretation, terminal interactions, and Retrieval-Augmented Generation (RAG) to analyze CVE intelligence and verify exploit impacts [27].

3.2. Real-World Demonstrations and Proofs-of-Concept

The potential for LLMs to accelerate exploit development is supported by concrete evidence from studies and real-world examples. Fang et al. (2024) conducted a groundbreaking study on the autonomous exploitation of "one-day" vulnerabilities by LLM agents [5]. The researchers created a benchmark of 15 real-world vulnerabilities across web applications, container software, and Python packages, sourced from the CVE database and academic literature [5]. They tested models such as GPT-4, GPT-3.5, several open-source LLMs, and traditional vulnerability scanners like ZAP and Metasploit [6].

The results were notable. GPT-4, equipped with essential tools (web browsing, terminal access, file editing, code interpreter) and operating within a ReAct agent framework (91 lines of code), successfully exploited 87% of the vulnerabilities when provided with CVE descriptions [5]. In comparison, other LLMs and traditional scanners achieved a 0% success rate on this benchmark [5]. When CVE descriptions were withheld, GPT-4’s success rate dropped to 7%, highlighting its reliance on descriptive vulnerability information [5]. Additionally, 11 of the 15 vulnerabilities were disclosed after GPT-4’s knowledge cutoff date, demonstrating its capability to work effectively with newly provided data [5]. A preliminary cost analysis revealed that employing the LLM agent was significantly cheaper than estimated human labor costs for similar tasks [5].

Other research supports these findings. The OWASP Foundation has examined the capabilities of LLMs like GPT-4 and Claude in offensive cybersecurity tasks, using benchmarks such as the OWASP Juice Shop application [30]. This research underscores how exploiting LLM-specific vulnerabilities, such as prompt injection ("jailbreaking"), can bypass safety mechanisms [30]. A notable example involved a security researcher in April 2025 using GPT-4 to analyze the patch diff for Erlang's SSH library (CVE-2025-32433) [20]. By providing patch code changes, the researcher generated a functional Python PoC exploit within a single afternoon [20]. However, this success depended entirely on access to the patch diff [20].

Further investigations explore LLMs in complementary areas, including enhancing software fuzzing for vulnerability discovery [32], analyzing malware [4], and developing multi-agent systems for security tasks [27]. Some initiatives are studying teams of LLM agents to address zero-day vulnerability exploitation, attempting to overcome limitations seen in solo agent operations [34].

These developments emphasize the growing role of AI in identifying and exploiting software flaws. Current demonstrations rely heavily on the availability and quality of input data, such as CVE descriptions or patch code. This makes vulnerability disclosure practices and threat intelligence dissemination critical factors in determining exploit development speed [5]. The integration of agentic frameworks, allowing LLMs to interact autonomously with tools and environments, represents a key advancement enabling automated exploitation [5].

4. Implications for Defenders

The demonstrated ability of LLMs to accelerate the transformation of patches into exploits carries significant implications for cybersecurity defenders, primarily by compressing the already narrow window available for response and remediation.

4.1. The Compressed Response Timeline: Impact on Patch Management

The primary challenge of AI-accelerated exploit development is the significant reduction in time between a vulnerability's public disclosure (often via a patch release) and the emergence of functional exploit code [1]. This compression directly impacts defenders' timelines for critical patch management tasks, including risk assessment, stability and compatibility testing, and deploying patches across complex networks [7]. A window previously measured in weeks or months could now shrink to days or hours for vulnerabilities targeted by AI-driven attackers.

Industry reports highlight the growing urgency in patching timelines, even without widespread AI acceleration. The Verizon 2025 Data Breach Investigations Report (DBIR) noted that vulnerability exploitation became the initial access vector in 20% of breaches, a 34% increase from the previous year [35]. The median time for organizations to remediate vulnerabilities on critical edge devices, such as VPNs and firewalls (which experienced an eight-fold increase in targeting), was 32 days [35]. Alarmingly, the median Time-To-Exploit (TTE) for vulnerabilities added to CISA's Known Exploited Vulnerabilities (KEV) catalog was effectively zero days, with exploitation occurring on or before the CVE's publication [35]. VulnCheck data from 2024 and Q1 2025 revealed that 24–28% of newly reported KEVs were exploited within one day of disclosure [40]. Historical analyses also found exploitation often occurred within the first month after disclosure [42].

LLMs, such as GPT-4, have demonstrated the ability to rapidly generate exploits for known vulnerabilities when provided with descriptive information [5]. This capability could normalize compressed exploitation timelines, particularly for high-risk or easily targeted flaws. Organizations with slower or traditional patching processes, especially those managing internet-facing systems, face increased risk [7]. Consequently, security teams are under greater pressure to adopt faster, more efficient workflows for risk assessment, exploitability-based patch prioritization, streamlined testing, and rapid deployment [35]. Traditional approaches relying on periodic scans and lengthy remediation cycles appear increasingly inadequate against near-instantaneous exploit availability. A strategic shift toward rapid, intelligence-driven remediation and attack surface reduction is essential, particularly for high-risk assets like edge devices [35].

The democratization of AI lowers the skill threshold for weaponizing known vulnerabilities [5], further exacerbating challenges for resource-constrained organizations, such as small and medium-sized businesses (SMBs) [37]. Lacking dedicated security teams, mature processes, or budgets for advanced defensive tools, SMBs could become prime targets for attackers leveraging AI-driven exploits [44]. If staying competitive requires adopting costly or complex AI-driven defenses [45], the gap between well-resourced enterprises and smaller organizations may widen, making SMBs more vulnerable.

5. Reality Check and Countermeasures

While the potential for AI to accelerate exploit development is significant, it is crucial to maintain a balanced perspective by acknowledging the current limitations of the technology. Simultaneously, defenders must proactively adopt countermeasures to mitigate the heightened risks.

5.1. Assessing True Capabilities: Limitations of LLMs in Exploit Generation

While LLMs have demonstrated remarkable capabilities, they face notable limitations in exploit development. A key challenge is their inability to discover truly novel (zero-day) vulnerabilities or develop exploits for highly complex vulnerability classes, particularly those requiring intricate multi-step exploit chains or innovative techniques [5]. Their success, as highlighted in studies like Fang et al. [5], often depends on prior information, such as CVE descriptions or patch diffs, or the recognition of patterns from training data, rather than fundamental, first-principles reasoning about security flaws [32]. LLMs also struggle with obfuscated code, with performance declining significantly as code complexity increases [3].

Another significant limitation lies in the quality and security of the code generated by LLMs. Studies show that LLM-generated code frequently contains bugs and security vulnerabilities [44]. For instance, the CyberSecEval benchmark revealed that LLMs suggested insecure code in approximately 30% of test cases, with some advanced models more prone to proposing flawed solutions [47]. This issue arises partly because LLMs lack a thorough understanding of secure coding principles and are trained on extensive datasets that may include insecure code from public repositories [46].

Human expertise remains essential. Skilled security researchers and exploit developers are required to validate LLM outputs, correct errors, and perform the strategic decision-making necessary for reliable exploit development, particularly for sophisticated targets [8]. Currently, LLMs function as powerful tools that amplify human capabilities rather than as standalone replacements. Performance also varies widely across models (e.g., GPT-4 consistently outperformed others in exploit-related tasks [3]), depends heavily on prompt quality [10], and is prone to issues such as "hallucinations" (producing incorrect or nonsensical information) [48]. Additionally, LLMs are vulnerable to adversarial manipulation, such as prompt injection ("jailbreaking") and data poisoning during training [46].

5.2. Fortifying Defenses Against AI-Accelerated Threats

Given the shrinking response times and the evolving capabilities of AI-driven attacks, defenders must adapt by implementing a multi-layered strategy incorporating technology, process improvements, and human factors.

Accelerated Patching and Vulnerability Management: The most direct countermeasure to reduce attackers' opportunities is to accelerate patch deployment [35]. This requires transitioning from traditional, slow patching cycles to agile, risk-based approaches. AI-powered tools can automate vulnerability scanning, prioritize remediation based on real-time exploitability data (e.g., EPSS scores [40]) and potential business impact, and assist in patch generation or deployment [29]. However, AI-generated patches must undergo rigorous testing and validation to avoid introducing new vulnerabilities [46].

AI-Driven Cyber Defense: Defenders must leverage AI to counter AI-enhanced threats, escalating the technological arms race [8]. Defensive AI applications include real-time anomaly detection in network traffic, user behavior, and endpoint activity to identify deviations from normal patterns [53]. AI improves phishing detection through advanced NLP analysis of emails and messages [18]. It can also automate incident responses, such as isolating compromised systems or blocking malicious IPs, reducing reaction time [45]. AI-powered Security Operations Centers (SOCs) streamline tasks, prioritize alerts, and provide enriched context for human analysts [53]. Many vendors now offer AI-infused platforms for endpoint detection and response (EDR/XDR), cloud security, and threat detection [45].

Enhanced Threat Intelligence: Timely and actionable threat intelligence is critical for prioritizing defensive measures. Organizations need mechanisms to consume and integrate real-time data on exploited vulnerabilities, such as the CISA KEV catalog [40], and exploitability predictions like EPSS [40]. AI enhances threat intelligence processing by analyzing vast amounts of structured and unstructured data, including dark web monitoring [54]. Retrieval-Augmented Generation (RAG) systems, integrated with continuous threat feeds, offer promise for dynamic threat information management [52].

Secure by Design and Development Practices: A shift toward building security into the development process is essential. CISA's Secure by Design initiative emphasizes principles such as manufacturer accountability, transparency, and secure defaults (e.g., mandatory MFA) [58]. These principles should also guide AI system development, incorporating secure MLSecOps practices, robust data and model governance, input validation, output monitoring, adversarial training to enhance robustness, and AI red teaming to identify weaknesses proactively [27].

Proactive Defense Strategies: Established proactive security measures remain critical. Implementing Zero Trust architectures, which assume no implicit trust, helps contain breaches [56]. Robust identity and access management (IAM) [54], network segmentation to limit lateral movement [48], continuous system and network monitoring [43], and security awareness training to detect sophisticated phishing attempts are essential components of a resilient defense [36].

No single technology or process provides a complete solution. Countering AI-accelerated threats requires an integrated approach that combines advanced technologies, such as AI-driven defense and rapid patching, with improved processes like Secure by Design and real-time threat intelligence integration. All efforts must be supported by skilled human oversight and continuous adaptation.
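
As an added illustration of the exploitability-based prioritization described under "Accelerated Patching and Vulnerability Management" and "Enhanced Threat Intelligence" above (this is not code from the newsletter or from any cited tool), the following Python example joins scanner findings with a KEV feed and EPSS scores to build a remediation queue. The feed contents, CVE IDs, asset names, tier thresholds and SLA days are constructed assumptions; only the field names follow the public KEV JSON and EPSS CSV layouts.

```python
import csv
import json
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

# Constructed sample feeds (not real data). Field names follow the public CISA
# KEV JSON feed and the FIRST EPSS CSV export; the CVE IDs are placeholders.
KEV_JSON = """
{"vulnerabilities": [
  {"cveID": "CVE-2099-0001", "dateAdded": "2099-04-20", "dueDate": "2099-05-11"},
  {"cveID": "CVE-2099-0004", "dateAdded": "2099-04-22", "dueDate": "2099-05-13"}
]}
"""
EPSS_CSV = """#model_version:constructed,score_date:2099-04-27
cve,epss,percentile
CVE-2099-0001,0.94210,0.99900
CVE-2099-0002,0.61000,0.97800
CVE-2099-0003,0.00120,0.31000
CVE-2099-0004,0.02000,0.83000
"""
# Constructed scanner findings: (asset, CVE, internet_facing)
FINDINGS = [
    ("vpn-gw-01", "CVE-2099-0001", True),
    ("hr-app-02", "CVE-2099-0002", False),
    ("build-07", "CVE-2099-0003", False),
    ("fw-edge-03", "CVE-2099-0003", True),
    ("db-int-05", "CVE-2099-0004", False),
    ("kiosk-09", "CVE-2099-0005", False),  # too new to have an EPSS score
]

# Assumed local policy: remediation SLA in days per tier, and EPSS cut-offs.
SLA_DAYS = {0: 1, 1: 3, 2: 14, 3: 30}
EPSS_HIGH, EPSS_ELEVATED = 0.5, 0.1


@dataclass
class Ticket:
    asset: str
    cve: str
    tier: int
    epss: Optional[float]
    in_kev: bool
    deadline: date


def load_kev(text):
    """Return {CVE ID: KEV due date} from KEV-style JSON."""
    feed = json.loads(text)
    return {v["cveID"]: date.fromisoformat(v["dueDate"])
            for v in feed["vulnerabilities"]}


def load_epss(text):
    """Return {CVE ID: EPSS probability}, skipping the '#' metadata line."""
    rows = [ln for ln in text.splitlines() if ln.strip() and not ln.startswith("#")]
    return {r["cve"]: float(r["epss"]) for r in csv.DictReader(rows)}


def assign_tier(in_kev, epss, internet_facing):
    """Lower tier = patch sooner. Known exploitation outranks any prediction."""
    if in_kev:
        return 0 if internet_facing else 1
    if epss is None or epss >= EPSS_HIGH:
        # A missing score means "unknown", not "safe": rank it with high EPSS.
        return 1 if internet_facing else 2
    if epss >= EPSS_ELEVATED or internet_facing:
        return 2
    return 3


def prioritize(findings, kev, epss, today):
    """Join findings with both feeds and return tickets, most urgent first."""
    tickets = []
    for asset, cve, internet_facing in findings:
        score = epss.get(cve)
        tier = assign_tier(cve in kev, score, internet_facing)
        deadline = today + timedelta(days=SLA_DAYS[tier])
        if cve in kev:
            # Never allow more time than the KEV due date grants.
            deadline = min(deadline, kev[cve])
        tickets.append(Ticket(asset, cve, tier, score, cve in kev, deadline))
    # Within a tier, unscored CVEs sort first, then highest EPSS.
    return sorted(tickets, key=lambda t: (
        t.tier, -(1.0 if t.epss is None else t.epss), t.asset))


if __name__ == "__main__":
    queue = prioritize(FINDINGS, load_kev(KEV_JSON), load_epss(EPSS_CSV),
                       today=date(2099, 4, 27))
    for t in queue:
        score = "n/a" if t.epss is None else f"{t.epss:.4f}"
        print(f"T{t.tier} {t.deadline} {t.asset:<11} {t.cve} "
              f"epss={score} kev={t.in_kev}")
```

In practice the two embedded strings would be replaced by the downloaded feeds, and the tier rules tuned to the organization's own exposure and change-control constraints.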

6. Conclusion

Integrating Large Language Models in Cybersecurity

The use of Large Language Models (LLMs) in cybersecurity highlights both opportunities and challenges associated with advancing technology. LLMs have demonstrated exceptional capabilities in accelerating the development of exploits for publicly disclosed vulnerabilities [3]. By significantly reducing the time needed to create proof-of-concept (PoC) exploits based on detailed vulnerability information, they are reshaping the threat landscape. However, this efficiency compresses the response window for defenders, placing additional strain on patch management processes [35].

Balancing Potential and Limitations

It is crucial to balance these capabilities with an understanding of the limitations of LLMs. They face substantial challenges in identifying zero-day vulnerabilities and crafting reliable exploits for complex flaws [5]. Their success depends heavily on high-quality input and clear prompts, and their output often requires validation by skilled professionals. Additionally, LLMs frequently generate insecure or buggy code, emphasizing the irreplaceable role of human expertise in cybersecurity operations [5][46]. Currently, LLMs serve as assistive tools, complementing rather than replacing human professionals.

Adapting to an AI-Accelerated Threat Landscape

The use of AI tools by attackers requires defenders to adopt equally innovative and prepared strategies. Intelligence-driven, accelerated patch management is critical to narrowing the window of opportunity for attackers [8]. AI-powered solutions enhance vulnerability scanning, exploit prioritization, and patch application, ensuring faster responses to emerging threats [35][53]. Additionally, integrating AI-powered tools for threat intelligence, anomaly detection, and response automation allows defenders to keep pace with increasingly sophisticated attacks.

A holistic cybersecurity approach is essential:

  • Secure by Design Principles: Security must become an integral part of all software and AI systems.

  • Proactive Defense Strategies: Implementing Zero Trust architectures, robust identity and access management (IAM), and network segmentation are vital to limiting breach impacts.

  • AI-Driven Threat Intelligence: Leveraging AI to monitor and analyze vast amounts of threat data provides real-time insights for countering emerging risks [8][52].

The Path Forward

The cybersecurity community stands at a critical juncture of innovation and risk. Navigating a future shaped by an AI-driven arms race demands vigilance, collaboration, and strategic investments in both technological and human resources. While LLMs present challenges, they also offer opportunities to enhance defensive capabilities, provided their integration into workflows is carefully managed and guided by robust oversight.

Organizations must adopt unified and adaptive strategies to address the growing complexities of AI-accelerated threats. This enables them to not only respond effectively but also anticipate and mitigate risks proactively in an evolving landscape.

References

1.     Patch Tuesday -> Exploit Wednesday: Pwning Windows Ancillary ..., accessed April 27, 2025, https://www.ibm.com/think/x-force/patch-tuesday-exploit-wednesday-pwning-windows-ancillary-function-driver-winsock

2.     SEC760: Advanced Exploit Development for Penetration Testers - SANS Institute, accessed April 27, 2025, https://www.sans.org/cyber-security-courses/advanced-exploit-development-penetration-testers/

3.     www.usenix.org, accessed April 27, 2025, https://www.usenix.org/system/files/sec24fall-prepub-2205-fang.pdf

4.     Large Language Models for Cyber Security: A Systematic Literature Review - arXiv, accessed April 27, 2025, https://arxiv.org/html/2405.04760v3

5.     Can Autonomous LLM Agents Exploit One Day Vulnerabilities? - IONIX, accessed April 27, 2025, https://www.ionix.io/blog/autonomous-llm-exploit-one-day-vulnerabilities-arxiv-2404-08144-explained/

6.     LLM Agents can Autonomously Exploit One-day Vulnerabilities - arXiv, accessed April 27, 2025, https://arxiv.org/html/2404.08144v1

7.     Using AI/ML for Vulnerability Research - SANS Institute, accessed April 27, 2025, https://www.sans.org/webcasts/using-ai-ml-for-vulnerability-research/

8.     2025 Forecast: AI to supercharge attacks, quantum threats grow ..., accessed April 27, 2025, https://www.scworld.com/feature/cybersecurity-threats-continue-to-evolve-in-2025-driven-by-ai

9.     [2404.08144] LLM Agents can Autonomously Exploit One-day Vulnerabilities - ar5iv - arXiv, accessed April 27, 2025, https://ar5iv.labs.arxiv.org/html/2404.08144

10.  Large Language Models (LLMs) for Source Code Analysis: applications, models and datasets - arXiv, accessed April 27, 2025, https://arxiv.org/html/2503.17502v1

11.  Large Language Models for Code Generation: A Comprehensive Survey of Challenges, Techniques, Evaluation, and Applications - arXiv, accessed April 27, 2025, https://arxiv.org/html/2503.01245v2

12.  A Survey On Large Language Models For Code Generation - arXiv, accessed April 27, 2025, https://www.arxiv.org/pdf/2503.01245

13.  How Accurately Do Large Language Models Understand Code? - arXiv, accessed April 27, 2025, https://arxiv.org/html/2504.04372v1

14.  Large Language Models (LLMs) for Source Code Analysis: applications, models and datasets - ResearchGate, accessed April 27, 2025, https://www.researchgate.net/publication/390143194_Large_Language_Models_LLMs_for_Source_Code_Analysis_applications_models_and_datasets

15.  Large Language Models (LLMs) for Source Code Analysis: applications, models and datasets - ResearchGate, accessed April 27, 2025, https://www.researchgate.net/publication/390143194_Large_Language_Models_LLMs_for_Source_Code_Analysis_applications_models_and_datasets/download

16.  L2CEval: Evaluating Language-to-Code Generation Capabilities of Large Language Models, accessed April 27, 2025, https://direct.mit.edu/tacl/article/doi/10.1162/tacl_a_00705/124835/L2CEval-Evaluating-Language-to-Code-Generation

17.  [2503.01245] Large Language Models for Code Generation: A Comprehensive Survey of Challenges, Techniques, Evaluation, and Applications - arXiv, accessed April 27, 2025, https://arxiv.org/abs/2503.01245

18.  From Vulnerability to Defense: The Role of Large Language Models in Enhancing Cybersecurity - MDPI, accessed April 27, 2025, https://www.mdpi.com/2079-3197/13/2/30

19.  Using LLMs to discover vulnerabilities in open-source packages : r/cybersecurity - Reddit, accessed April 27, 2025, https://www.reddit.com/r/cybersecurity/comments/1hdg3ul/using_llms_to_discover_vulnerabilities_in/

20.  AI models can generate exploit code at lightning speed - The Register, accessed April 27, 2025, https://www.theregister.com/2025/04/21/ai_models_can_generate_exploit/

21.  Behind the Scenes of the Adversary Exploit Process - Recorded Future, accessed April 27, 2025, https://www.recordedfuture.com/blog/adversary-exploit-process

22.  Patch Diffing In The Dark: Reverse Engineering Modern CVEs - Ringzer0, accessed April 27, 2025, https://ringzer0.training/bootstrap25-patch-diffing-in-the-dark/

23.  PatchScope: Memory Object Centric Patch Diffing - Computer Science and Engineering, accessed April 27, 2025, https://www.cs.ucr.edu/~heng/pubs/PatchScope_ccs20.pdf

24.  Reverse Engineering in Cybersecurity: Key Insights and Strategies - Apriorit, accessed April 27, 2025, https://www.apriorit.com/dev-blog/reverse-engineering-in-cybersecurity

25.  Large Language models for malware code analysis - arXiv, accessed April 27, 2025, https://arxiv.org/html/2504.07137v1

26.  Large Language Model (LLM) for Software Security: Code Analysis, Malware Analysis, Reverse Engineering - ResearchGate, accessed April 27, 2025, https://www.researchgate.net/publication/390671720_Large_Language_Model_LLM_for_Software_Security_Code_Analysis_Malware_Analysis_Reverse_Engineering

27.  CrowdStrike Research: Securing AI-Generated Code with Multiple Self-Learning AI Agents, accessed April 27, 2025, https://www.crowdstrike.com/en-us/blog/secure-ai-generated-code-with-multiple-self-learning-ai-agents/

28.  LLM agents for vulnerability identification and verification of CVEs - CEUR-WS.org, accessed April 27, 2025, https://ceur-ws.org/Vol-3920/paper09.pdf

29.  NVIDIA-AI-Blueprints/vulnerability-analysis: Rapidly identify and mitigate container security vulnerabilities with generative AI. - GitHub, accessed April 27, 2025, https://github.com/NVIDIA-AI-Blueprints/vulnerability-analysis

30.  OWASP LLM Exploit Generation v1.0, accessed April 27, 2025, https://genai.owasp.org/resource/owasp-llm-exploit-generation-v1-0-pdf/

31.  OWASP Gen AI Incident & Exploit Round-up, Jan-Feb 2025, accessed April 27, 2025, https://genai.owasp.org/2025/03/06/owasp-gen-ai-incident-exploit-round-up-jan-feb-2025/

32.  Generative AI in Cybersecurity | Centre for Emerging Technology ..., accessed April 27, 2025, https://cetas.turing.ac.uk/publications/generative-ai-cybersecurity

33.  When LLMs Meet Cybersecurity: A Systematic Literature Review - arXiv, accessed April 27, 2025, https://arxiv.org/html/2405.03644v2

34.  Teams of LLM Agents can Exploit Zero-Day Vulnerabilities - arXiv, accessed April 27, 2025, https://arxiv.org/html/2406.01637v2

35.  The Verizon 2025 Data Breach Investigations Report (DBIR): Six ..., accessed April 27, 2025, https://blog.qualys.com/qualys-insights/2025/04/22/the-verizon-2025-data-breach-investigations-report-dbir-six-trends-you-cant-ignore

36.  2025 Verizon DBIR: Key Facts, Trends & Statistics - Keepnet, accessed April 27, 2025, https://keepnetlabs.com/blog/2025-verizon-data-breach-investigations-report

37.  Verizon's 2025 Data Breach Investigations Report: Alarming surge in cyberattacks through third-parties | News Release, accessed April 27, 2025, https://www.verizon.com/about/news/2025-data-breach-investigations-report

38.  Verizon 2025 DBIR: Tenable Research Collaboration Shines a Spotlight on CVE Remediation Trends - Blog, accessed April 27, 2025, https://www.tenable.com/blog/verizon-2025-dbir-tenable-research-collaboration

39.  FBI IC3, Verizon DBIR, Google M-Trends reports are out—here's the conclusions! - Risky Biz News, accessed April 27, 2025, https://news.risky.biz/risky-bulletin-fbi-ic3-verizon-dbir-google-m-trends-reports-are-out-heres-the-conclusions/

40.  2025 Q1 Trends in Vulnerability Exploitation | Blog - VulnCheck, accessed April 27, 2025, https://vulncheck.com/blog/exploitation-trends-q1-2025

41.  2024 Trends in Vulnerability Exploitation | Blog - VulnCheck, accessed April 27, 2025, https://vulncheck.com/blog/2024-exploitation-trends

42.  Analysis of Time-to-Exploit Trends: 2021-2022 | Mandiant | Google Cloud Blog, accessed April 27, 2025, https://cloud.google.com/blog/topics/threat-intelligence/time-to-exploit-trends-2021-2022/

43.  The Impact of AI on Software Supply Chain Security, accessed April 27, 2025, https://scribesecurity.com/blog/the-impact-of-ai-on-software-supply-chain-security/

44.  Cybersecurity Risks of AI-Generated Code - CSET, accessed April 27, 2025, https://cset.georgetown.edu/wp-content/uploads/CSET-Cybersecurity-Risks-of-AI-Generated-Code.pdf

45.  7 Best AI Cybersecurity Tools for Your Company - Legit Security, accessed April 27, 2025, https://www.legitsecurity.com/aspm-knowledge-base/best-ai-cybersecurity-tools

46.  Large Language Models and Code Security: A Systematic Literature Review - arXiv, accessed April 27, 2025, https://arxiv.org/html/2412.15004v1

47.  Every 1 of 3 AI-Generated Code Is Vulnerable: Exploring Insights ..., accessed April 27, 2025, https://socradar.io/every-1-of-3-ai-generated-code-is-vulnerable-exploring-insights-with-cyberseceval/

48.  Mitigating the Top 10 Vulnerabilities in AI Agents - XenonStack, accessed April 27, 2025, https://www.xenonstack.com/blog/vulnerabilities-in-ai-agents

49.  LLM4Shell: Discovering and Exploiting RCE Vulnerabilities in Real-World LLM-Integrated Frameworks and Apps - Black Hat, accessed April 27, 2025, https://i.blackhat.com/Asia-24/Presentations/bh-asia-2024-llm4shell.pdf?_gl=1*lfjimg*_gcl_au*MjEyNjc0MzYwNC4xNzMxMTM3MDA2*_ga*MTM5MTcwNjc4OS4xNzMxMTM3MDA2*_ga_K4JK67TFYV*MTczMTEzNzAwNi4xLjEuMTczMTEzNzg4OS4wLjAuMA..&_ga=2.89155611.1863731842.1731137007-1391706789.1731137006

50.  NIST Unveils Final AI Security Guidelines to Combat Cyber Threats ..., accessed April 27, 2025, https://cdn.meritalk.com/articles/nist-unveils-final-ai-security-guidelines-to-combat-cyber-threats/

51.  Vulnerabilities of Large Language Models to Adversarial Attacks: ACL 2024 Tutorial, accessed April 27, 2025, https://llm-vulnerability.github.io/

52.  LLM-Assisted Proactive Threat Intelligence for Automated Reasoning - arXiv, accessed April 27, 2025, https://arxiv.org/html/2504.00428v1

53.  Impact of AI on the global cyber threat landscape - ET CIO, accessed April 27, 2025, https://cio.economictimes.indiatimes.com/news/artificial-intelligence/impact-of-ai-on-the-global-cyber-threat-landscape/118578156

54.  AI in Cybersecurity: 13 Examples and Use Cases - Perception Point, accessed April 27, 2025, https://perception-point.io/guides/ai-security/ai-in-cybersecurity-examples-use-cases/

55.  How to Prevent AI-Powered Cyber Attacks? - SentinelOne, accessed April 27, 2025, https://www.sentinelone.com/cybersecurity-101/threat-intelligence/how-to-prevent-ai-powered-cyber-attacks/

56.  AI-Driven Threat Detection: Revolutionizing Cyber Defense - Zscaler, accessed April 27, 2025, https://www.zscaler.com/blogs/product-insights/ai-driven-threat-detection-revolutionizing-cyber-defense

57.  Cisco CSLU Critical Flaw Added to KEV; Oracle Faces Class Action Suit; Ivanti Buffer Overflow Exploited for RCE - SANS Institute, accessed April 27, 2025, https://www.sans.org/newsletters/newsbites/xxvii-26/

58.  Artificial Intelligence | CISA, accessed April 27, 2025, https://www.cisa.gov/ai

59.  Secure by Design - Protect AI, accessed April 27, 2025, https://protectai.com/secure-by-design

60.  CISA Secure by Design Pledge: Principles and Best Practices | Sternum IoT, accessed April 27, 2025, https://sternumiot.com/iot-blog/cisa-secure-by-design-pledge-principles-and-best-practices/

61.  Building Secure by Design AI Systems: A Defense in Depth - Protect AI, accessed April 27, 2025, https://protectai.com/blog/building-secure-by-design-defense

62.  The double-edged sword of AI in cybersecurity: driving efficiency gains, meeting compliance requirements and navigating greater risk, accessed April 27, 2025, https://www.cybersecuritydive.com/spons/the-double-edged-sword-of-ai-in-cybersecurity-driving-efficiency-gains-me/736239/

63.  (PDF) SoK: Towards Effective Automated Vulnerability Repair - ResearchGate, accessed April 27, 2025, https://www.researchgate.net/publication/388633559_SoK_Towards_Effective_Automated_Vulnerability_Repair

64.  Pilot for Artificial Intelligence Enabled Vulnerability Detection - CISA, accessed April 27, 2025, https://www.cisa.gov/resources-tools/resources/pilot-artificial-intelligence-enabled-vulnerability-detection

65.  cybersecurity — Latest News, Reports & Analysis | The Hacker News, accessed April 27, 2025, https://thehackernews.com/search/label/cybersecurity?updated-max=2023-04-24T19:30:00%2B05:30&max-results=20&start=1899&by-date=false&m=1

66.  Managing Artificial Intelligence-Specific Cybersecurity Risks in the Financial Services Sector - U.S. Department of the Treasury, accessed April 27, 2025, https://home.treasury.gov/system/files/136/Managing-Artificial-Intelligence-Specific-Cybersecurity-Risks-In-The-Financial-Services-Sector.pdf

67.  Risks and Mitigation Strategies for Adversarial Artificial Intelligence Threats: A DHS S&T Study - Homeland Security, accessed April 27, 2025, https://www.dhs.gov/sites/default/files/2023-12/23_1222_st_risks_mitigation_strategies.pdf

68.  LLM and its increasing relevance in cyber security - FIRM e.V., accessed April 27, 2025, https://firm.fm/en/paper/llm-and-its-increasing-relevance-in-cyber-security/

69.  [2503.17502] Large Language Models (LLMs) for Source Code Analysis: applications, models and datasets - arXiv, accessed April 27, 2025, https://arxiv.org/abs/2503.17502

70.  A Survey On Large Language Models For Code Generation - arXiv, accessed April 27, 2025, https://arxiv.org/html/2503.01245v1

71.  [2412.15004] From Vulnerabilities to Remediation: A Systematic Literature Review of LLMs in Code Security - arXiv, accessed April 27, 2025, https://arxiv.org/abs/2412.15004

72.  Large Language Models and Code Security: A Systematic Literature Review - arXiv, accessed April 27, 2025, https://arxiv.org/pdf/2412.15004

73.  Large Language Models and Code Security: A Systematic Literature Review, accessed April 27, 2025, https://www.semanticscholar.org/paper/Large-Language-Models-and-Code-Security%3A-A-Review-Basic-Giaretta/2b5b40477dfd9ee49f1e2b26c28daf35d17d1910

74.  CVE-Bench: A Benchmark for AI Agents' Ability to Exploit Real-World Web Application Vulnerabilities - arXiv, accessed April 27, 2025, https://arxiv.org/html/2503.17332v3

75.  (PDF) Code Change Intention, Development Artifact and History Vulnerability: Putting Them Together for Vulnerability Fix Detection by LLM - ResearchGate, accessed April 27, 2025, https://www.researchgate.net/publication/388423077_Code_Change_Intention_Development_Artifact_and_History_Vulnerability_Putting_Them_Together_for_Vulnerability_Fix_Detection_by_LLM

76.  Exploring the Role of Large Language Models in Cybersecurity: A Systematic Survey - arXiv, accessed April 27, 2025, https://arxiv.org/html/2504.15622v1

77.  COMPSCI 590AF Reverse Engineering & Understanding Exploit Development, accessed April 27, 2025, https://infosec.cs.umass.edu/compsci590af
