CyberHappenings logo
Home Browse Watchlists Experimental About

Track cybersecurity events as they unfold. Sourced timelines. Filter, sort, and browse. Fast, privacy‑respecting. No invasive ads, no tracking.

Commercial AI models achieve autonomous vulnerability discovery and exploit generation in 2026

First reported
Last updated
1 unique sources, 1 articles

Summary

Hide ▲

Commercial AI models have reached a milestone in 2026 where all tested systems can autonomously complete vulnerability research tasks and 50% can generate working exploits without manual intervention. In contrast, 55% of models failed basic vulnerability research and 93% failed exploit development in 2025. Leading models such as Claude Opus 4.6 and Kimi K2.5 demonstrate the ability to discover and exploit vulnerabilities using simple prompts, significantly lowering the barrier for inexperienced attackers. Testing by Forescout’s Verde Labs identified four previously unknown zero-day vulnerabilities in OpenNDS, including one missed during prior manual analysis, using a combination of single prompts, the RAPTOR agentic framework, and proprietary extensions. The results underscore the rapid advancement of AI-driven vulnerability discovery and its implications for both offensive and defensive cybersecurity operations.

Timeline

  1. 17.04.2026 16:20 1 articles · 2h ago

    AI models achieve autonomous exploit generation, revealing new zero-days in OpenNDS

    Forescout’s Verde Labs reported that in 2026, commercial AI models such as Claude Opus 4.6 and Kimi K2.5 can autonomously complete vulnerability research and generate working exploits. Using the RAPTOR agentic framework and proprietary extensions, the team discovered four zero-day vulnerabilities in OpenNDS, including one overlooked by prior manual analysis. The results demonstrate AI’s growing role in identifying and exploiting software flaws, with accessible commercial models lowering the barrier for potential attackers. Cost comparisons highlight a divergent landscape where high-capability models remain expensive ($25 per million tokens) but open-source alternatives offer low-cost alternatives for basic tasks ($0.70 or less).

    Show sources
    Open in new tab

Information Snippets

  • In 2025, 55% of tested AI models failed basic vulnerability research tasks and 93% failed exploit development, while in 2026 all tested models completed vulnerability research tasks and 50% could autonomously generate working exploits.

    First reported: 17.04.2026 16:20
    1 source, 1 article
    Show sources

  • Tested models included 50 commercial, open-source, and underground AI models, with top performers being Claude Opus 4.6 and Kimi K2.5.

    First reported: 17.04.2026 16:20
    1 source, 1 article
    Show sources

  • Using single prompts and the RAPTOR agentic framework, Forescout’s Verde Labs discovered four new zero-day vulnerabilities in OpenNDS, a widely deployed software component.

    First reported: 17.04.2026 16:20
    1 source, 1 article
    Show sources

  • One of the zero-day vulnerabilities found by AI was not identified during prior manual code analysis by Verde Labs, highlighting AI’s capability to uncover overlooked flaws.

    First reported: 17.04.2026 16:20
    1 source, 1 article
    Show sources

  • Claude Opus 4.6 costs up to $25 per million output tokens, while open-source models like DeepSeek 3.2 can perform basic tasks for less than $0.70 per all tasks tested.

    First reported: 17.04.2026 16:20
    1 source, 1 article
    Show sources

  • The RAPTOR agentic framework is an open-source tool designed for cybersecurity research, offense, and defense, enabling autonomous vulnerability discovery workflows.

    First reported: 17.04.2026 16:20
    1 source, 1 article
    Show sources