general · BleepingComputer
Intruder's security research team describes an automated pipeline for discovering vulnerabilities using large language models paired with traditional code-scanning frameworks. The team developed a "program slicing" technique to focus LLM analysis on specific code paths rather than entire codebases, reducing token overhead and improving accuracy. They tested this pipeline against the top 200 WordPress plugins and reported discovering a remote, multi-stage SQL injection zero-day affecting a plugin with over 300,000 users. The team states the entire discovery-to-exploitation process was automated without human intervention.
This development carries implications for risk management across Omniware's buyer base. Defense contractors handling controlled unclassified information should recognize that automated vulnerability discovery may accelerate the threat landscape for dependencies in their supply chain. SaaS organizations in SOC2 observation should consider that their third-party plugin and library ecosystems face increased discovery velocity. Healthcare providers subject to HIPAA and fintechs under NYDFS oversight must assume popular open-source and commercial plugins are being scanned at scale; inventory management and patch cadence become more critical. An Omniware engagement can help scope the impact on your dependency tree and prioritize monitoring strategies.
Source: BleepingComputer - https://www.bleepingcomputer.com/news/security/we-built-a-vulnerability-vending-machine-ai-tokens-in-zero-days-out/
Source: BleepingComputer
All briefings