This paper presents HPTSA, a novel multi-agent framework for cybersecurity exploits that enables teams of large language model (LLM) agents to autonomously exploit real-world zero-day vulnerabilities. Prior work shows that single LLM agents struggle with exploring diverse vulnerabilities and long-term planning when faced with unknown vulnerabilities. HPTSA addresses this by introducing a hierarchical planning agent that coordinates a team of task-specific, expert agents to explore and exploit vulnerabilities. The system is evaluated on a benchmark of 15 real-world zero-day vulnerabilities, which are past the knowledge cutoff date of the tested LLM, GPT-4. HPTSA achieves a 53% pass rate on the task of exploiting five vulnerabilities out of 53, outperforming both open-source vulnerability scanners and a single GPT-4 agent without vulnerability descriptions. The system also demonstrates that task-specific agents are essential for high performance. The paper also includes case studies showing how HPTSA successfully exploits specific vulnerabilities, and highlights the importance of task-specific agents and documents in achieving high performance. The cost analysis shows that HPTSA is comparable in cost to a human expert, but the cost of AI agents is expected to decrease in the future. The paper concludes that teams of LLM agents can autonomously exploit zero-day vulnerabilities, resolving an open question in prior work.This paper presents HPTSA, a novel multi-agent framework for cybersecurity exploits that enables teams of large language model (LLM) agents to autonomously exploit real-world zero-day vulnerabilities. Prior work shows that single LLM agents struggle with exploring diverse vulnerabilities and long-term planning when faced with unknown vulnerabilities. HPTSA addresses this by introducing a hierarchical planning agent that coordinates a team of task-specific, expert agents to explore and exploit vulnerabilities. The system is evaluated on a benchmark of 15 real-world zero-day vulnerabilities, which are past the knowledge cutoff date of the tested LLM, GPT-4. HPTSA achieves a 53% pass rate on the task of exploiting five vulnerabilities out of 53, outperforming both open-source vulnerability scanners and a single GPT-4 agent without vulnerability descriptions. The system also demonstrates that task-specific agents are essential for high performance. The paper also includes case studies showing how HPTSA successfully exploits specific vulnerabilities, and highlights the importance of task-specific agents and documents in achieving high performance. The cost analysis shows that HPTSA is comparable in cost to a human expert, but the cost of AI agents is expected to decrease in the future. The paper concludes that teams of LLM agents can autonomously exploit zero-day vulnerabilities, resolving an open question in prior work.