Security researchers have unveiled VEXAIoT, an AI-driven multi-agent framework designed to automate the detection and exploitation of vulnerabilities within Internet of Things (IoT) environments. This innovative system leverages large language model agents to coordinate tasks such as reconnaissance, attack planning, command generation, and result validation within controlled security testbeds.
VEXAIoT, which stands for Vulnerability EXploitation using AI Agents, comprises two interconnected agents. The first, a vulnerability detection agent, scans target devices to identify exposed services and known vulnerabilities. The second, an attack execution agent, selects appropriate tools, generates commands, and attempts to execute the planned exploits.
The detection process begins with the use of Nmap to identify open ports, services, and active network protocols on the target device. Subsequently, the system cross-references this information with data from Searchsploit and the Exploit Database to match discovered software and versions to known Common Vulnerabilities and Exposures (CVEs) and publicly available proof-of-concept exploits. The AI model then analyzes this data to create a prioritized attack plan based on factors such as vulnerability severity, available tools, and dependencies between attacks.
For instance, certain attacks may require valid credentials to proceed. In such cases, VEXAIoT first attempts credential recovery or network traffic interception before initiating dependent actions. The framework is also capable of retrying attacks when initial command executions fail, utilizing error messages and execution outputs to refine subsequent attempts.
Researchers tested VEXAIoT against IoTGoat, an intentionally vulnerable OpenWrt-based IoT firmware environment, and the Metasploitable2 vulnerable machine. The IoTGoat tests encompassed ten scenarios aligned with OWASP IoT security risks, including weak passwords, insecure network services, exposed developer backdoors, insecure updates, DNS denial-of-service, plaintext sensitive data, man-in-the-middle interception, remote code execution, and log deletion.
In 200 IoTGoat attack attempts, VEXAIoT completed 189, achieving a 94.5% success rate. Seven scenarios, such as cross-site scripting, developer-backdoor access, malicious update execution, database PII extraction, log erasure, and remote code execution, achieved a 100% success rate. The weakest results were observed in the MiniUPnP backdoor and DNS denial-of-service tests, where command syntax issues and model refusals reduced success rates to 80%.
According to the research, the framework successfully exploited the VSFTPD backdoor and exposed database credentials in all 60 Metasploitable2 tests, while achieving remote code execution in 18 of 20 attempts. Combined, the system achieved a 95% success rate across 260 executions. Most attacks were completed in under two minutes, although password cracking took longer. Parallelizing independent attacks reduced total test time from approximately eight minutes and 31 seconds to about three minutes and 50 seconds, though token consumption remained largely unchanged due to each attack requiring a separate AI-agent interaction.
The development of VEXAIoT underscores the growing potential of agentic AI in authorized IoT penetration testing. By automating complex tasks traditionally performed by human testers, such frameworks can significantly enhance the efficiency and effectiveness of security assessments. However, this advancement also raises concerns about the potential misuse of such technologies by malicious actors. As AI-driven tools become more sophisticated, it is imperative for the cybersecurity community to establish robust ethical guidelines and safeguards to prevent their exploitation for unauthorized purposes.