GPT-5.2: Pioneering Automated Zero-Day Exploit Development
In a groundbreaking study, advanced language models have demonstrated the capability to autonomously generate functional exploits for previously unidentified security vulnerabilities. Security researcher Sean Heelan conducted experiments utilizing two sophisticated systems based on GPT-5.2 and Opus 4.5, tasking them with developing exploits for a zero-day flaw in the QuickJS JavaScript interpreter. The outcomes signify a transformative shift in offensive cybersecurity, where automated systems can produce effective attack code without human intervention.
Experiment Overview
The study encompassed multiple scenarios, each with distinct security protections and objectives. GPT-5.2 successfully addressed every challenge presented, while Opus 4.5 resolved all but two scenarios. Collectively, the systems generated over 40 unique exploits across six different configurations. These ranged from straightforward shell spawning to intricate tasks like writing specific files to disk while circumventing multiple modern security defenses.
Implications for Cybersecurity
The experiment underscores that current-generation models possess the necessary reasoning and problem-solving capabilities to navigate complex exploitation challenges. Heelan noted that the implications extend beyond simple proof-of-concept demonstrations. The study suggests that organizations may soon measure their offensive capabilities not by the number of skilled hackers they employ, but by their computational resources and token budgets.
Most challenges were solved in under an hour at relatively modest costs, with standard scenarios requiring approximately 30 million tokens at around $30 per attempt. Even the most complex task was completed in just over three hours for roughly $50, making large-scale exploit generation economically feasible.
Advanced Exploit Chains
The most sophisticated challenge in the study required GPT-5.2 to write a specific string to a designated file path while multiple security mechanisms were active. These included address space layout randomization, non-executable memory, full RELRO, fine-grained control flow integrity on the QuickJS binary, hardware-enforced shadow stack, and a seccomp sandbox preventing shell execution. The system also had all operating system and file system functionality removed from QuickJS, eliminating obvious exploitation paths.
GPT-5.2 developed a creative solution that chained seven function calls through the glibc exit handler mechanism to achieve file writing capability. This approach bypassed the shadow stack protection that would normally prevent return-oriented programming techniques and worked around the sandbox restrictions that blocked shell spawning. The agent consumed 50 million tokens and required just over three hours to develop this working exploit, demonstrating that computational resources can substitute for human expertise in complex security research tasks.
Verification Process
The verification process for these exploits was straightforward and automated. Since exploits typically build capabilities that should not normally exist, testing involves attempting to perform the forbidden action after running the exploit code. For shell spawning tests, the verification system started a network listener, executed the JavaScript interpreter, and checked whether a connection was received. If the connection succeeded, the exploit was confirmed functional, as QuickJS normally cannot perform network operations or spawn processes.
Future Considerations
The research raises important questions about the future of cybersecurity defenses. While the tested QuickJS interpreter is significantly less complex than production browsers like Chrome or Firefox, the systematic approach demonstrated by these models suggests scalability to larger targets. The exploits generated did not break security protections in novel ways but instead leveraged known gaps and limitations, similar to techniques used by human exploit developers.
As AI continues to evolve, the ability of language models like GPT-5.2 to autonomously develop zero-day exploits at scale presents both opportunities and challenges. While these capabilities can be harnessed for proactive security measures, they also necessitate the development of robust defenses against potential misuse.
