LLM Brokers can Autonomously Hack Web sites
Summary: Lately, giant language fashions (LLMs) have change into more and more succesful and may now work together with instruments (i.e., name features), learn paperwork, and recursively name themselves. Because of this, these LLMs can now perform autonomously as brokers. With the rise in capabilities of those brokers, current work has speculated on how LLM brokers would have an effect on cybersecurity. Nevertheless, not a lot is understood in regards to the offensive capabilities of LLM brokers.
On this work, we present that LLM brokers can autonomously hack web sites, performing duties as advanced as blind database schema extraction and SQL injections with out human suggestions. Importantly, the agent doesn’t have to know the vulnerability beforehand. This functionality is uniquely enabled by frontier fashions which might be extremely able to software use and leveraging prolonged context. Specifically, we present that GPT-4 is able to such hacks, however present open-source fashions usually are not. Lastly, we present that GPT-4 is able to autonomously discovering vulnerabilities in web sites within the wild. Our findings elevate questions in regards to the widespread deployment of LLMs.
Author: CISO2CISO Editor 2
Date: 2024-02-24 22:59:16