OpenAI’s GPT-5.6 Sol Ultra model has autonomously developed a complete exploit chain for Google Chrome, utilizing only publicly available security patch commits. This achievement underscores the evolving capabilities of artificial intelligence in cybersecurity, particularly in offensive security research.
Researchers at Hacktron challenged three advanced AI models—GPT-5.6 Sol Medium, Sol Ultra, and Grok 4.5—to analyze security fixes in Chrome’s V8 JavaScript engine and construct a functional exploit chain. The models were provided with the V8 source code corresponding to Chrome version 149.0.7827.201 and a sandboxed d8 build for testing purposes.
The exploitation process was divided into three stages:
- Target Primitives: Establishing fundamental operations like addrof, fakeobj, and arbitrary read/write within V8’s sandbox.
- Sandbox Escape: Leaking addresses of binary, libc, and stack to facilitate native memory access beyond the sandbox.
- Code Execution: Gaining control over the program counter to execute arbitrary commands.
Among the models tested, only Sol Ultra successfully completed all stages, culminating in the execution of a calculator application as proof of concept. In contrast, Grok 4.5 and Sol Medium encountered obstacles after achieving initial memory leaks, failing to progress further.
Sol Ultra’s exploit chain commenced with a type-confusion vulnerability in V8’s Maglev compiler, leading to the creation of addrof and fakeobj primitives. The model then:
- Forged a fake JavaScript array to achieve extensive read/write capabilities within the V8 sandbox.
- Expanded access to the entire V8 sandbox by corrupting DataView metadata.
- Leaked native process addresses through a signed-integer bug in string handling.
- Exploited a use-after-free vulnerability in WebAssembly’s background compiler to gain control over native operations.
- Redirected execution by manipulating the WebAssembly Code Pointer table.
- Achieved final code execution by hijacking a system call, resulting in the launch of the Calculator application.
Throughout this process, Sol Ultra processed over 14,000 requests, utilizing approximately 2.1 billion tokens at a cost of around $1,597. The model employed 74 sub-agents to handle the majority of the investigative tasks, while the primary agent maintained strategic oversight despite significant context reductions.
This development highlights a potential shift in exploit development, traditionally a domain requiring specialized expertise. The ability of AI models like Sol Ultra to autonomously construct exploit chains suggests that, with sufficient computational resources, the process could become more scalable. This raises concerns about the speed at which vulnerabilities can be weaponized, potentially outpacing the deployment of security patches.
For cybersecurity teams, this underscores the critical importance of rapid patch deployment. The traditional reliance on a “patch gap”—the time between the release of a security patch and its widespread application—may no longer be a viable defense strategy. Organizations must prioritize swift patching and reconsider the risk associated with known vulnerabilities, as the window for exploitation may be narrowing.