The paper "Teams of LLM Agents can Exploit Zero-Day Vulnerabilities" by Richard Fang, Rohan Bindu, Akul Gupta, Qiusi Zhan, and Daniel Kang from the University of Illinois Urbana-Champaign explores the capabilities of large language model (LLM) agents in exploiting real-world zero-day vulnerabilities. The authors introduce HPTSA, a system that uses a hierarchical planning agent to explore and plan attacks, along with a set of task-specific, expert agents to exploit specific types of vulnerabilities. This multi-agent approach addresses the limitations of single-agent systems, which struggle with long-term planning and exploring multiple vulnerabilities. The paper constructs a benchmark of 15 real-world zero-day vulnerabilities and evaluates HPTSA's performance. The results show that HPTSA achieves a pass rate of 53% at 5 attempts and 33.3% at 1 attempt, outperforming previous work by up to 4.5 times. The authors also conduct case studies to analyze successful and unsuccessful exploitation attempts, highlighting the effectiveness of the task-specific agents and the challenges posed by certain vulnerabilities. The paper concludes by discussing the implications of AI agents in cybersecurity, noting that while HPTSA shows significant improvements, further research is needed to fully understand the broader impacts and limitations of AI agents in this domain.The paper "Teams of LLM Agents can Exploit Zero-Day Vulnerabilities" by Richard Fang, Rohan Bindu, Akul Gupta, Qiusi Zhan, and Daniel Kang from the University of Illinois Urbana-Champaign explores the capabilities of large language model (LLM) agents in exploiting real-world zero-day vulnerabilities. The authors introduce HPTSA, a system that uses a hierarchical planning agent to explore and plan attacks, along with a set of task-specific, expert agents to exploit specific types of vulnerabilities. This multi-agent approach addresses the limitations of single-agent systems, which struggle with long-term planning and exploring multiple vulnerabilities. The paper constructs a benchmark of 15 real-world zero-day vulnerabilities and evaluates HPTSA's performance. The results show that HPTSA achieves a pass rate of 53% at 5 attempts and 33.3% at 1 attempt, outperforming previous work by up to 4.5 times. The authors also conduct case studies to analyze successful and unsuccessful exploitation attempts, highlighting the effectiveness of the task-specific agents and the challenges posed by certain vulnerabilities. The paper concludes by discussing the implications of AI agents in cybersecurity, noting that while HPTSA shows significant improvements, further research is needed to fully understand the broader impacts and limitations of AI agents in this domain.