:

AI SYSTEM AUTOMATICALLY DISCOVERS ZERO-DAY VULNERABILITIES

AI DESK2 MIN READ
WED, JUL 15, 2026

■ AI-SUMMARIZED FROM 1 SOURCE ▸ TIMELINE

Security firm Intruder has developed an AI-powered system that automatically identifies previously unknown software vulnerabilities by combining code analysis with large language models. The tool already discovered and exploited a WordPress plugin zero-day.

Intruder's "vulnerability vending machine" represents a significant shift in how security researchers approach code analysis. The system feeds code segments into language models, enabling automated detection of complex vulnerabilities that traditional static analysis tools often miss. The breakthrough came when the system identified a previously unknown zero-day flaw in a WordPress plugin. Intruder followed responsible disclosure protocols, working with affected parties before public revelation. The company reports additional vulnerabilities already discovered through the same process. The approach combines code slicing—breaking software into manageable segments—with LLM capabilities to understand context and identify logical flaws. This hybrid method proves more effective than conventional vulnerability scanning, which typically focuses on known attack patterns. The development underscores both the promise and risk of AI in cybersecurity. Automated vulnerability discovery accelerates security research and patch development, benefiting defenders. However, the same technology could enable attackers to identify exploits at scale. Intruder's responsible disclosure approach demonstrates awareness of these dual-use implications. The company discovered vulnerabilities through coordinated disclosure rather than public exploit, allowing vendors time to develop and deploy patches. The system's ability to find complex vulnerabilities reflects broader trends in AI-assisted security. Machine learning models trained on code patterns can identify subtle logical errors and security weaknesses humans might overlook. The addition of LLM reasoning capabilities enhances this further, allowing the system to understand intent and potential attack vectors. As vulnerability discovery becomes increasingly automated, the security industry faces pressure to accelerate patch cycles and improve code quality upstream. The emergence of such tools may also shift the economics of bug bounty programs and vulnerability research. Intruder has not disclosed the full technical details or timeline for broader deployment, suggesting the tool remains in controlled evaluation. The company's focus on responsible disclosure indicates plans to work with vendors before scaling the system's capabilities.

■ SOURCES

Bleeping Computer

■ SUMMARY WRITTEN BY AI FROM THE LINKS ABOVE

■ MORE FROM THE SECURITY DESK

Partnered Health, one of Australia's largest healthcare providers, has disclosed a cyber-attack affecting 21 clinics across Sydney, Melbourne, and Canberra. Personal information and medical records were compromised in the breach.

JUST NOWSecurity Desk

U.S. federal prosecutors have unsealed charges against three Russian nationals accused of operating a bulletproof hosting service that supported ransomware gangs responsible for over $62 million in damages worldwide.

5H AGOIndustry Desk

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned that attackers are actively exploiting three vulnerabilities in Internet-exposed on-premises SharePoint Server instances. Organizations running affected versions must patch immediately.

5H AGOSecurity Desk

Tailscale disclosed a critical vulnerability in its SSH implementation that allowed attackers to gain root access through insecure argument handling. The flaw has been patched in recent versions.

8H AGOAI Desk

■ SUBSCRIBE TO THE DAILY BRIEF

ONE EMAIL, 5 STORIES, 06:00 UTC. UNSUBSCRIBE ANYTIME.