The coming industrialisation of exploit generation with LLMs
Sean Heelan describes an experiment that’s hard to ignore: he built agents on top of frontier models (Opus 4.5 and GPT-5.2) and tasked them with turning a zero-day in the QuickJS JavaScript interpreter into working exploits under real-world constraints (ASLR, non-exec memory, RELRO, sandboxing, and more). Across multiple scenarios and runs, the agents produced dozens of distinct working exploits, sometimes by assembling surprisingly intricate chains of primitives — and they did it with a clear, automatable notion of “success” (a verifier harness that can detect when the exploit achieved its goal).
His main argument is about scaling: exploit development has two properties that map well to today’s LLM agents — a controllable environment with well-understood tools, and a fast, objective verifier. That means you can “buy” more search with more tokens, and your limiting factor becomes throughput and budget rather than how many human exploit devs you can recruit. Heelan is careful to separate this from more interactive intrusion tasks (lateral movement, persistence) where a wrong step can end the run, but he suggests we should plan for an “industrialized” offensive baseline and push for more realistic, large-budget evaluations against real targets.