{"data":{"id":"70c40349-d052-4706-8d4b-c71d74f72573","title":"We built a vulnerability vending machine: AI tokens in, zero-days out","summary":"Researchers at Intruder built an automated system using LLMs (large language models, AI systems trained on text data) to find real security vulnerabilities in software code, discovering a SQL injection zero-day (a previously unknown security flaw) in a WordPress plugin with 300,000+ users. The key challenge is that pointing an LLM at an entire codebase causes it to lose focus by processing irrelevant code, so they developed a pipeline using program slicing (a technique that extracts only the relevant code segments) combined with code scanning tools to give the LLM focused context and filter findings through multiple AI models before attempting exploitation.","solution":"N/A -- no mitigation discussed in source.","labels":["security","research"],"sourceUrl":"https://www.bleepingcomputer.com/news/security/we-built-a-vulnerability-vending-machine-ai-tokens-in-zero-days-out/","publishedAt":"2026-07-15T14:01:11.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"info","attackType":[],"issueType":"news","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["WordPress","Joern","Claude (Sonnet/Opus)"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":"2026-07-15T14:01:11.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"advanced","impactType":["integrity"],"aiComponentTargeted":"framework","llmSpecific":true,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}