Intruder combines large language models with program slicing to automatically discover complex software bugs. The system uncovered a remote multi‑stage SQL injection zero‑day in a WordPress plugin used by over 300,000 sites, while other findings are pending responsible disclosure.

Key Takeaways (मुख्य बिंदु)

  • Program slicing paired with LLMs enables fully automated zero‑day discovery
  • Intruder identified a blind SQL injection (CVE‑2026‑3985) in the Creative Mail WordPress plugin
  • The pipeline moves from code‑base scanning to exploit generation without human intervention

Artificial intelligence is reshaping how vulnerability research is performed, yet most discussions remain theoretical. Intruder set out to answer a practical question: using the LLMs available today, how far can AI take us in finding real, exploitable bugs in production software?

How the Pipeline Works

The core of the system is a pipeline that feeds a code‑base into the Joern scanner, generates “program slices” for each flagged finding, and then hands those slices to a hierarchy of language models. Slicing mimics IDE features such as “find implementation” or call‑graph analysis, isolating only the relevant code paths and preventing the token‑bloat problem that plagues naïve whole‑repo scanning.

From LLM Triage to Exploit Generation

Each slice first passes through a lightweight triage model (e.g., Sonnet) that discards obviously benign hooks. The remaining slices are then evaluated by a heavier model (Opus) that retains full call‑context memory, allowing it to judge exploitability accurately. When a slice is deemed exploitable, a dedicated exploitation agent retrieves the full source again, spins up a Docker container, and attempts to craft a working exploit.

First Success: CVE‑2026‑3985

The pipeline’s inaugural bounty was a blind SQL injection in the popular Creative Mail WordPress plugin, assigned CVE‑2026‑3985. The bug grants an attacker read access to the database—including admin password hashes and secret tokens—once a series of chained requests is issued. Because the vulnerability spans multiple components (it requires WooCommerce to be present), traditional scanners often miss it.

The exploitation agent produced a one‑shot proof‑of‑concept that both verified the issue and extracted password hashes from the database. Independent researcher Dmitrii Ignatyev of CleanTalk also discovered the flaw and reported it to Wordfence. The plugin has since been removed from the WordPress repository pending a security patch.

Implications and Future Outlook

Intruder stresses that this is merely the beginning; several more vulnerabilities are already in the disclosure pipeline. As LLMs become more capable and cost‑effective, the speed and depth of automated vulnerability discovery are expected to outpace manual research, shrinking the window of exposure for software vendors. Nonetheless, managing token costs and model bias will remain critical operational challenges.