AI Meets Vulnerability Discovery: The Vending Machine That Finds Zero-Days
Security firm Intruder has published a detailed breakdown of how it built what it calls a "vulnerability vending machine" — an AI-powered system that feeds code into large language models (LLMs) and receives zero-day vulnerabilities in return.
The system combines code slicing (breaking code into semantically relevant chunks) with targeted LLM prompting to automatically identify complex security flaws. The approach is notable not just for what it found — a previously unknown WordPress plugin zero-day — but for what it suggests about the future trajectory of automated vulnerability research.
How the Vulnerability Vending Machine Works
The core insight behind Intruder's system is that LLMs are poor at analyzing large, complex codebases holistically but excel at identifying vulnerabilities in focused, well-scoped code segments.
Traditional manual vuln research:
Researcher reads entire codebase → identifies suspicious patterns → develops PoC
Time: Days to weeks per target
AI-assisted approach:
1. Code Ingestion — parse target application's source
2. Code Slicing — extract semantically relevant code sections
(e.g., input handling, database queries, file operations, auth checks)
3. LLM Analysis — submit each slice with targeted security prompts
("Does this code safely handle user input?" / "Can this path be traversed?")
4. Candidate Triage — LLM flags suspicious patterns with explanations
5. Human Validation — researcher confirms and develops PoC for flagged candidates
6. Exploit Development — confirmed findings weaponized or responsibly disclosedCode Slicing: The Key Enabler
The breakthrough that makes the approach viable is code slicing — rather than dumping an entire application into an LLM (which exceeds context windows and dilutes focus), the system extracts targeted code paths:
- Data flow slices — tracing user-controlled input from entry point to sensitive operation
- Semantic slices — grouping code by functionality (authentication, file handling, SQL queries)
- Call graph slices — extracting function call chains that interact with security-sensitive APIs
This dramatically improves signal-to-noise ratio, enabling LLMs to focus analysis on the code segments most likely to harbor vulnerabilities.
The WordPress Zero-Day Discovery
Intruder's system identified a previously unknown zero-day vulnerability in a WordPress plugin using this approach. While specific plugin details are subject to coordinated disclosure timelines, the discovery demonstrates the practical efficacy of the automated pipeline.
| Discovery Aspect | Detail |
|---|---|
| Target | WordPress plugin (undisclosed pending patch) |
| Vulnerability Type | Security flaw identified by LLM code analysis |
| Discovery Method | Automated code slicing + LLM analysis |
| Prior Knowledge Required | None — fully automated initial discovery |
| Additional Discoveries | Multiple additional findings reported as in progress |
The finding represents a shift: zero-day discovery no longer requires years of specialized experience alone — AI can surface candidate vulnerabilities that researchers then validate and weaponize.
Implications for the Security Ecosystem
For Defenders
The democratization of vulnerability research cuts both ways:
- Faster patch cycles needed — if defenders can find bugs with AI, so can attackers
- Increased vulnerability surface awareness — AI-assisted scanning can surface long-standing bugs
- Broader attack surface coverage — LLMs can analyze code in languages and frameworks where human expertise is scarce
For Attackers
The same tooling accessible to security researchers is accessible to threat actors:
Nation-state actors — already applying AI to vulnerability research at scale
Ransomware groups — purchasing AI-discovered zero-days from brokers
Script kiddies — lower barrier to finding exploitable bugs in popular software
Supply chain attackers — AI-assisted analysis of OSS dependencies for hidden flawsFor the Vulnerability Ecosystem
| Stakeholder | Impact |
|---|---|
| Bug bounty hunters | AI-assisted triage dramatically increases throughput |
| Vulnerability brokers | Supply of zero-days may increase, potentially affecting pricing |
| Patch teams | Faster disclosure cycles require faster patch development |
| CISOs | AI-discovered vulns require AI-assisted patch prioritization |
Technical Limitations and Caveats
Intruder's system is not a "fire and forget" zero-day generator — several caveats apply:
- False positives — LLMs flag patterns that look suspicious but are not exploitable; human validation is essential
- Context gaps — code slices lose surrounding context that may neutralize apparent vulnerabilities
- Novel vuln classes — LLMs perform best on known vulnerability patterns; truly novel classes may be missed
- Compiled/obfuscated targets — the approach requires source code or decompiled output
- Rate limits and cost — large-scale analysis of complex applications consumes significant API tokens
Despite these limitations, the approach represents a genuine leap in the accessibility and scale of automated vulnerability discovery.
What Security Teams Should Do
The vulnerability vending machine concept is a wake-up call for software security practices:
- Apply AI to your own code — use LLM-assisted code review in your SDLC before attackers use it against you
- Prioritize WordPress and plugin patching — widely deployed CMS plugins are high-value AI-assisted targets
- Subscribe to vendor security advisories — AI-discovered disclosures will accelerate as tooling matures
- Bug bounty programs — incentivize external researchers to find and responsibly disclose AI-discovered bugs
- Threat model AI-assisted attacks — assume motivated attackers are applying similar tooling against your software
References
- BleepingComputer — We Built a Vulnerability Vending Machine: AI Tokens In, Zero-Days Out
- Intruder Security Research