Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
The latest artificial intelligence models are not only remarkably good at software engineering; new research shows that they are also becoming better at finding bugs in software.
AI researchers at UC Berkeley tested how well the latest AI models and agents could find vulnerabilities in 188 large open source codebases. Using a new benchmark called Cyberggia, the AI models identified 17 new bugs, including 15 that were previously unknown, or “zero-day”. “Many of these vulnerabilities are essential,” said Dawn Song, a professor at UC Berkeley who led the work.
Many experts expect AI models to become great cybersecurity weapons. An AI tool from the startup XBOW has climbed the ranks of HackerOne's bug-hunting leaderboard and is currently in first place. The company recently announced $75 million in new funding.
Song says that the coding skills of the latest AI models, combined with improving reasoning capabilities, are starting to change the cybersecurity landscape. “It’s a pivotal moment,” she said. “This has actually exceeded our general expectations.”
As the models continue to improve, they will automate the process of discovering and exploiting security flaws. This could help companies keep their software secure, but it can also help hackers break into systems. “We didn’t even try so hard,” said Song. “If we increased the budget, allowed agents to operate longer, they could do even better.”
The UC Berkeley team tested conventional models from OpenAI, Google, and Anthropic, as well as open source offerings from Meta, DeepSeek, and Alibaba, combined with several agents for finding bugs, including Open, Cybench, and Enigma.
The researchers used descriptions of known software vulnerabilities from the 188 software projects. They then fed the descriptions to the cybersecurity agents, powered by frontier AI models, to see whether they could identify the same flaws for themselves by analyzing new codebases, running tests, and producing proof-of-concept exploits. The team also asked the agents to hunt for new vulnerabilities in the codebases by themselves.
Through the process, the AI tools generated hundreds of proof-of-concept exploits, and among these exploits the researchers identified 15 previously unseen vulnerabilities and two vulnerabilities that had already been disclosed and patched. The work adds to growing evidence that AI can automate the discovery of zero-day vulnerabilities, which are potentially dangerous (and valuable) because they can provide a means of hacking live systems.
AI seems destined to become an important part of the cybersecurity industry. Security expert Sean Heelan recently discovered a zero-day flaw in the widely used Linux kernel with the help of OpenAI's o3 reasoning model. Last November, Google announced that it had discovered a previously unknown software vulnerability using AI via a program called Project Zero.
Like other parts of the software industry, many cybersecurity companies are enamored with the potential of AI. The new work shows that AI can consistently find new flaws, but it also highlights the technology's remaining limitations. The AI systems were unable to find most of the flaws and were stumped by particularly complex ones.