A Multi-Agent Framework for Automated Exploit Generation with Constraint-Guided Comprehension and Reflection

Open-source libraries are widely used in modern software development, introducing significant security vulnerabilities. While static analysis tools can identify potential vulnerabilities at scale, they often generate overwhelming reports with high false positive rates. Automated Exploit Generatio...

AutoEG: Exploiting Known Third-Party Vulnerabilities in Black-Box Web Applications

Large-scale web applications are widely deployed with complex third-party components, inheriting security risks arising from component vulnerabilities. Security assessment is therefore required to determine whether such known vulnerabilities remain practically exploitable in real applications...

Good News for Script Kiddies? Evaluating Large Language Models for Automated Exploit Generation

Large Language Models LLMs have demonstrated remarkable capabilities in code-related tasks, raising concerns about their potential for automated exploit generation AEG. This paper presents the first systematic study on LLMs' effectiveness in AEG, evaluating both their cooperativeness and technica...