Two Israeli cybersecurity researchers have built an AI system that creates working exploits for software vulnerabilities in as little as 15 minutes. This breakthrough highlights how automation could overwhelm defenders by turning flaws into attacks at machine speed.
The Rise of Auto Exploit
Researchers Nahman Khayet and Efi Weiss developed Auto Exploit in just a few weeks using free time and minimal costs. The system analyzes vulnerability advisories and code patches to generate proof-of-concept exploits quickly.
It relies on large language models like Anthropic’s Claude to break down details and build test applications. In tests, it handled 14 open-source vulnerabilities, some in under 15 minutes, at about one dollar per exploit.
This low barrier means even solo hackers could scale up efforts. Nation-state actors might exploit thousands of flaws rapidly.
The project shows AI lowers the skill needed for advanced attacks. Defenders face pressure to patch faster than ever.
How AI Automates Vulnerability Attacks
Auto Exploit starts with prompts to an AI model, feeding in CVE details and patches from public repositories. The AI then creates a vulnerable app, crafts exploit code, and tests it against original and fixed versions.
Researchers tweaked prompts to bypass AI safety guards, which often fail when tasks sound like research. This mirrors real-world cases where attackers evade restrictions in tools like ChatGPT.
In 2025, similar systems have emerged. For instance, tools like Bug Hunter GPT and HackerGPT offer AI insights for ethical hacking and penetration testing.
Here is a quick look at the process:
-
-
- Input Phase: Feed CVE advisory and patch code into the AI.
- Analysis Phase: AI identifies the flaw and suggests exploit paths.
- Generation Phase: Creates and validates exploit code.
- Validation Phase: Tests on vulnerable and patched software.
-
This automation cuts development time from months to minutes. Data from 2025 shows the median time to exploit vulnerabilities dropped below 192 days, with AI pushing it lower.
Experts predict this trend will continue as models improve.
| Step | Time Taken | Cost Estimate |
|---|---|---|
| Input and Analysis | 2-5 minutes | Negligible |
| Code Generation | 5-10 minutes | Under $0.50 |
| Testing and Validation | 3-5 minutes | Under $0.50 |
| Total | 10-20 minutes | About $1 |
Challenges for Cybersecurity Defenders
Defenders must shift focus from exploit difficulty to software exposure. Reachability analysis helps prioritize fixes for internet-facing systems.
In 2025, over 40,000 vulnerabilities were reported, but only a small fraction got exploited. AI could change that by making N-day attacks common.
Khayet warns the industry lacks readiness for machine-speed exploits. Many organizations juggle thousands of open findings without quick fixes.
Recent events, like AI-powered ransomware campaigns, show threats evolving fast. Attackers use models to automate extortion and data theft.
This puts pressure on teams to adopt AI for defense, like automated patching and threat prediction.
Broader Impacts on the Industry
AI tools are transforming both offense and defense in cybersecurity. Reports from 2025 highlight rising exploits in AI frameworks and low-code platforms.
For example, vulnerabilities in remote access tools and document editors top attack lists. AI-generated code adds new risks, as seen in APT attacks.
Ethical hackers benefit from AI for vulnerability scanning and OSINT, but malicious use grows. Cybercrime now includes AI automating breaches and dark web dumps.
Defenders need strategies like faster detection and AI-driven monitoring to keep up.
Looking Ahead to AI-Driven Threats
As AI advances, exploit generation could become instant for many flaws. This demands defense at machine speed, with automated tools for quick responses.
Enterprises should invest in AI security now to stay ahead. The gap between disclosure and exploitation is shrinking, making proactive measures essential.
What do you think about AI in cybersecurity? Share your thoughts in the comments and spread this article to raise awareness.
