"ExploitGym consists of 898 real vulnerabilities found in applications, Google's V8 JavaScript engine, and the Linux kernel. Its workout consists of presenting an AI agent with a vulnerability and proof-of-concept input that triggers it, to see whether the agent can create an exploit capable of arbitrary code execution."
"According to the UC Berkeley Center for Responsible Decentralized Intelligence, Mythos Preview successfully exploited 157 test instances and GPT-5.5 managed 120 in the allotted two-hour window."
"Sure, AI agents such as Mythos can find security vulnerabilities in software, but the bigger question is whether they can turn those flaws into functional exploits that work in the real world. After all, many AI-discovered bugs prove minor or difficult to weaponize. New research, however, suggests frontier models can indeed develop working exploits when directed to do so."
"To better understand the rapidly changing security landscape, computer scientists from UC Berkeley, Max Planck Institute for Security and Privacy, UC Santa Barbara, Arizona State University, Anthropic, OpenAI, and Google decided to build ExploitGym, a benchmark for evaluating the exploitation capabilities of AI agents."
ExploitGym is a benchmark for evaluating whether AI agents can turn security vulnerabilities into real-world attacks. The benchmark uses 898 real vulnerabilities from applications, the V8 JavaScript engine, and the Linux kernel. Each test presents an AI agent with a vulnerability and a proof-of-concept input that triggers it, then measures whether the agent can produce an exploit that achieves arbitrary code execution. Results show that Mythos Preview exploited 157 test instances and GPT-5.5 exploited 120 within a two-hour window. The findings indicate that frontier models can develop functional exploits when directed to do so, not just identify minor or hard-to-weaponize bugs.
Read at theregister
Unable to calculate read time
Collection
[
|
...
]