LIVE THREATS
HIGH Malicious npm Package Targets Claude AI Users via Supply Chain Attack // HIGH Multi-Agent LLM System Discovers 29 Zero-Day Vulnerabilities in Open-Source Projects // HIGH Russia-Linked GreyVibe Weaponises ChatGPT and Gemini Across Full Attack Lifecycle // HIGH Russian GreyVibe Group Weaponises ChatGPT and Gemini for Cyberespionage // MEDIUM SQLite Bans Agentic Code Submissions as AI Bug Report Floods Begin // MEDIUM AI Bills of Materials Emerge as Critical Tool for ML Supply Chain Risk // HIGH Anthropic's Claude Mythos Autonomously Uncovers 10,000 Critical Software Flaws // HIGH LLM Coding Agents Collapse Under Structural Constraints, Study Finds // MEDIUM SentinelOne Prompt Security Targets Agentic AI Trust Verification Gap // MEDIUM Google's Gemini Spark Agent Raises Prompt Injection Risks at Enterprise Scale //
ATLAS OWASP HIGH Significant risk · Prioritise patching Agentic AI Research LLM Security RELEVANCE ▲ 7.8

Multi-Agent LLM System Discovers 29 Zero-Day Vulnerabilities in Open-Source Projects

SOURCE HN AI Security ↗
TL;DR HIGH
  • What happened: Multi-agent LLM system autonomously finds and reproduces real zero-day vulnerabilities at near-human expert capability.
  • Who's at risk: Maintainers of open-source C/C++ projects are most directly exposed, as this class of tooling can systematically surface exploitable bugs at scale.
  • Act now: Accelerate patching cadence for open-source C/C++ projects likely to attract automated scanning · Integrate fuzzing-as-a-service (e.g., OSS-Fuzz) into CI/CD pipelines before adversaries can exploit discovered bugs · Monitor for automated vulnerability disclosure patterns that may indicate AI-assisted reconnaissance against your codebase
Multi-Agent LLM System Discovers 29 Zero-Day Vulnerabilities in Open-Source Projects

Overview

FuzzingBrain V2 is a multi-agent LLM-based system developed by researchers from Texas A&M University that automates the full vulnerability discovery and reproduction pipeline. Published on arXiv in May 2026, the paper documents how the system achieved a 90% detection rate (36 of 40 vulnerabilities) on the AIxCC 2025 Final Competition C/C++ dataset and independently discovered 29 zero-day vulnerabilities across 12 open-source projects — all subsequently confirmed and patched by maintainers, with 2 assigned CVE IDs.

The significance here is dual-use: while the system is positioned as a defensive research tool, it substantially lowers the barrier for automated, scalable vulnerability discovery that previously required significant human expertise.

Technical Analysis

FuzzingBrain V2 addresses three core limitations of prior LLM-based vulnerability research:

  1. False Positive Reduction: All reported vulnerabilities are verified as fuzzer-reproducible via integration with Google’s OSS-Fuzz infrastructure, ensuring findings are actionable rather than theoretical.

  2. Suspicious Point Abstraction: The system introduces a novel control-flow-based granularity called a “Suspicious Point” — sitting between function-level and line-level analysis — to precisely localise vulnerability sites without losing surrounding context.

  3. Hierarchical Function Analysis with Dual-Layer Fuzzing: The system uses logic-driven traversal of cross-function dependencies, paired with two layers of fuzzing to maximise coverage under compute constraints.

  4. MCP-Based Tool Integration: Static and dynamic analysis tools are orchestrated via the Model Context Protocol (MCP), enabling agents to reason about complex triggering conditions across function boundaries.

The agent architecture allows autonomous selection of analysis strategies, tool invocation, and iterative refinement of vulnerability hypotheses — behaviour characteristic of systems with high degrees of agency.

Framework Mapping

  • AML.T0047 (ML-Enabled Product or Service): FuzzingBrain V2 is itself an ML-enabled offensive capability that can be deployed as a service to systematically discover vulnerabilities.
  • AML.T0040 (ML Model Inference API Access): The system relies on inference from frontier LLMs, meaning its capability is gated on model access — a chokepoint for misuse controls.
  • LLM08 (Excessive Agency): The autonomous, multi-step decision-making — from code analysis to fuzzer configuration to vulnerability confirmation — exemplifies the risks of over-empowered LLM agents operating without human review at each stage.
  • LLM09 (Overreliance): Defenders and security teams may over-trust AI-generated vulnerability reports without validating the full exploit chain independently.

Impact Assessment

The immediate impact is significant for open-source software security. Systems like FuzzingBrain V2, if made broadly available or replicated by threat actors, could enable rapid, automated discovery of exploitable bugs in critical infrastructure dependencies. The 29 confirmed zero-days across 12 projects — all in real-world production code — demonstrate the system operates beyond benchmark conditions.

For defenders, the silver lining is that the same capability can be deployed proactively. For adversaries, particularly well-resourced cybercriminal groups or nation-state actors, replication of this approach could dramatically accelerate exploit development timelines.

Mitigation & Recommendations

  • Adopt proactive fuzzing: Enroll projects in OSS-Fuzz or equivalent continuous fuzzing infrastructure to identify bugs before automated tools do.
  • Shorten patch cycles: Assume automated vulnerability discovery tools are being used against your codebase and reduce the window between discovery and fix.
  • Monitor CVE/advisory feeds: Watch for patterns of AI-assisted bulk vulnerability disclosure targeting your software stack.
  • Restrict access to capable LLMs: Where possible, apply usage policies and rate limits to frontier models that could power systems like FuzzingBrain V2.
  • Security code review for C/C++: Prioritise memory-safety audits in legacy C/C++ codebases most susceptible to the vulnerability classes this system targets.

References

◉ AI THREAT BRIEFING

Stay ahead of the threat.

Twice-weekly digest of critical AI security developments — every story mapped to MITRE ATLAS and OWASP LLM Top 10. Free.

No spam. Unsubscribe anytime.