Researchers at the University of Illinois gave a team of autonomous AI agents a CVE description of a vulnerability and the agents were able to autonomously find and exploit the vulnerability in a test environment in April.

Two months later, the same researchers showed that those teams can now find and exploit previously unknown vulnerabilities. They tested the agents by selecting a list of severe vulnerabilities that were discovered after the cut-off training date for the LLM (GPT-4), so the AIs knew nothing about them. Then they set up a test environment that had those vulnerabilities in them. And the agents were able to find and use those vulnerabilities.