unSafe.sh - Unsafe
On the Coming Industrialisation of Exploit Generation with LLMs
In the experiment, Opus 4.5 and GPT-5.2 were used to generate exploits for a zero-day vulnerability in QuickJS; more than 40 were successfully generated, and the post discusses the prospects for the industrialised application of LLMs in cybersecurity....
2026-1-18 20:51:55 | Views: 0
Sean Heelan's Blog - sean.heelan.io
experiments
agents
gpt
quickjs
evaluations
How I used o3 to find CVE-2025-37899, a remote zeroday vulnerability in the Linux kernel’s SMB implementation
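The article describes how the author used OpenAI's o3 model to discover a zero-day vulnerability in the Linux kernel (CVE-2025-37899), a use-after-free in the handling of the SMB protocol's "logoff" command. By analysing the code and its context, o3 successfully identified the memory-safety issue caused by concurrent connections, demonstrating its potential for vulnerability detection....
2025-5-22 10:25:30 | Views: 45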
Sean Heelan's Blog - sean.heelan.io
sess
o3
ksmbd
smb2
llm
Application optimisation with LLMs: Finding faster, equivalent, software libraries.
A few months back I wrote a blog post where I mentioned that the least-effor...
2023-6-30 19:33:27 | Views: 17
Sean Heelan's Blog - sean.heelan.io
llm
software
benchmarks
googling
sysgrok
Finding 10x+ Performance Improvements in C++ with CodeQL – Part 2/2 on Combining Dynamic and Static Analysis for Performance Optimisation
In the previous post I advocated for building systems that combine static an...
2023-3-1 17:5:48 | Views: 22
Sean Heelan's Blog - sean.heelan.io
memory
analysis
aliasing
positives
gstring
60%+ Performance Improvements with Continuous Profiling and Library Matching – Part 1/2 on Combining Dynamic and Static Analysis for Performance Optimisation
This is the first post in a two part series on combining static and dynamic...
2023-2-14 18:37:18 | Views: 16
Sean Heelan's Blog - sean.heelan.io
analysis
expensive
analyses
profiling
Optimising an eBPF Optimiser with Prodfiler (Repost)
How do you almost 2x your application’s performance with zero code chang...
2023-2-11 01:32:47 | Views: 23
Sean Heelan's Blog - sean.heelan.io
k2
prodfiler
z3
candidate
pgo
PhD Thesis: Greybox Automatic Exploit Generation for Heap Overflows in Language Interpreters
Over the summer I defended my PhD thesis. You can find it here. To give...
2020-11-19 04:19:43 | Views: 150
sean.heelan.io
stage
phases
greybox
solver
overflows
Gollum: Modular and Greybox Exploit Generation for Heap Overflows in Interpreters
At the upcoming ACM Conference on Computer and Communications Security (CCS)...
2019-10-30 20:10:30 | Views: 40
sean.heelan.io
aeg
gollum
primitives
assumption
scheduling
Automation in Exploit Generation with Exploit Templates
At last year’s USENIX Security conference I presented a paper titled “Automa...
2019-03-05 22:21:19 | Views: 44
sean.heelan.io
shrike
php
384
manip
partially
Some Cool Projects from a Dagstuhl Seminar on SAT, SMT and CP
I was lucky enough to attend a Dagstuhl seminar...
2019-02-07 21:30:33 | Views: 44
sean.heelan.io
counting
minizinc
approximate
coursera
solver
Fuzzing PHP’s unserialize Function
Recently, the PHP development team have decided that they will no longer cons...
2017-08-13 06:47:30 | Views: 49
sean.heelan.io
unserialize
php
development
security
repository
Upcoming Public Training: 4 Days of Advanced Tool Development with SMT Solvers (London, Nov ’17)
TL;DR: I’ll be running a new version of the Adva...
2017-07-31 20:37:38 | Views: 42
sean.heelan.io
symbolic
analysis
vertex
partially
klee
Tracking Down Heap Overflows with rr
Anyone who’s spent time doing vulnerability analysis on C/C++ has had the exp...
2016-05-31 22:38:12 | Views: 41
sean.heelan.io
php
rr
gd
dbg
memory
Fuzzing Language Interpreters Using Regression Tests
At INFILTRATE ’14 I gave a talk on the topic of...
2016-04-26 19:21:33 | Views: 49
sean.heelan.io
ended
versus
analysis
slides
Some Early-Stage Work on Statistical Crash Triage
Last week at Infiltrate I presented some early-s...
2016-04-13 18:15:29 | Views: 40
sean.heelan.io
crash
predicate
triage
predicates
crashing
Training Dates Confirmed (Plus a Contest for Students)
Good news everyone! The location and dates for the public edition of “Advance...
2016-03-30 06:47:32 | Views: 38
sean.heelan.io
vertex
29th
deadline
london
analysis
Public Edition of “Advanced Tool Development with SMT Solvers” Coming Soon!
SMT solvers are an interesting, and powerful, te...
2016-02-26 02:45:01 | Views: 48
sean.heelan.io
vertex
solvers
analysis
intend
informed