Redazione RHC : 17 August 2025 18:27
Developing AI agents capable of identifying vulnerabilities in complex systems is still a challenging task that requires a lot of manual labor. However, these agents offer a major advantage: unlike traditional methods such as fuzzing or formal checks, their work can literally be “read” from logs. This allows researchers to better understand the strengths and weaknesses of modern LLMs. The authors of the experiment collected over one hundred gigabytes of these logs and selected several illustrative cases.
The first test object was SQLite, a lightweight and extremely popular C-based DBMS used in browsers, mobile operating systems, cars, airplanes, and even the CRS engine itself. During the practical phase of the AIxCC competition, the agents encountered not only purpose-built vulnerabilities, but also real-world errors.
Among these, two serious bugs were fixed by the developers on August 5th. One of them turned out to be a classic buffer overflow in the zip extension, which is enabled by default. The error allowed memory bounds to be exceeded when working with archives and is nearly impossible to detect using random fuzzing. Another bug in the same code led to unnecessary data being read when opening a corrupted zip file.
Attention then shifted to FreeRDP, a free implementation of the Remote Desktop Protocol. Alongside other issues, such as an obfuscated “backdoor,” the agents were able to identify a real vulnerability: a signed integer overflow when processing client monitor information. Interestingly, even many hours of fuzzing with libFuzzer failed to uncover this bug, but a well-crafted AI-generated input was able to reproduce it.
Similar experiments have been conducted with other popular projects: Nginx, Apache Tika, and Apache Tomcat. The logs show how the AI system attempts to make fixes, encounters ambiguities in the patches, and ultimately manages to successfully handle them, sometimes spending tens of minutes and several dollars in computing resources. In some cases, the agents found unusual exploit methods: for example, if they couldn’t bypass protection when working with a zip file, they switched to tar archives.
The authors emphasize that such experiments are useful not only for identifying bugs, but also for configuring the agents themselves, their tools, and the distribution of roles between them. While not all errors found are critical, practice shows that LLM systems are capable of detecting and reproducing vulnerabilities that elude classic methods. And while this process is still far from fully automated, it already offers researchers a completely new perspective on the security of familiar software.