tool 2026

Automation-Exploit: A Multi-Agent LLM Framework for Adaptive Offensive Security with Digital Twin-Based Risk-Mitigated Exploitation

Biagio Andreucci , Arcangelo Castiglione

Università degli Studi di Salerno

0 citations
α

Published on arXiv

2604.22427

Prompt Injection

OWASP LLM Top 10 — LLM01

Excessive Agency

OWASP LLM Top 10 — LLM08

Key Finding

Successfully validated across eight scenarios including undocumented zero-day environments, demonstrating ability to prevent live-fire crashes and execute risk-mitigated exploits on actual targets

Automation-Exploit

Novel technique introduced

The offensive security landscape is highly fragmented: enterprise platforms avoid memory-corruption vulnerabilities due to Denial of Service (DoS) risks, Automatic Exploit Generation (AEG) systems suffer from semantic blindness, and Large Language Model (LLM) agents face safety alignment filters and "Live Fire" execution hazards. We introduce Automation-Exploit, a fully autonomous Multi-Agent System (MAS) framework designed for adaptive offensive security in complex black-box scenarios. It bridges the abstraction gap between reconnaissance and exploitation by autonomously exfiltrating executables and contextual intelligence across multiple protocols, using this data to fuel both logical and binary attack chains. The framework introduces an adaptive safety architecture to mitigate DoS risks. While it natively resolves logical and web-based vulnerabilities, it employs a conditional isomorphic validation for high-risk memory-corruption flaws: if the target binary is successfully exfiltrated, it dynamically instantiates a cross-platform digital twin. By enforcing strict state synchronization, including libc alignment and runtime file descriptor hooking, potentially destructive payloads are iteratively debugged in an isolated replica. This enables a highly risk-mitigated "one-shot" execution on the physical target. Empirical evaluations across eight scenarios, including undocumented zero-day environments to rule out LLM data contamination, validate the framework's architectural resilience, demonstrating its ability to prevent "live fire" crashes and execute risk-mitigated compromises on actual targets.

Key Contributions

  • Multi-agent LLM framework that autonomously exfiltrates target binaries and contextual intelligence across protocols to enable end-to-end exploit chains
  • Digital twin-based isomorphic validation architecture with libc alignment and file descriptor hooking for safe iterative testing of memory-corruption exploits before live execution
  • Adversarial handoff mechanism to bypass LLM safety alignment filters and adaptive pruning via Navigator agent to reduce false positives and hallucinations

🛡️ Threat Analysis

Details

Domains
nlp
Model Types
llm
Threat Tags
black_boxinference_time
Applications
autonomous penetration testingvulnerability exploitationoffensive security automation
Read PDF arXiv

Similar Papers

tool

DREAM: Dynamic Red-teaming across Environments for AI Models

2025 0 cit.
100%
tool

ClawTrap: A MITM-Based Red-Teaming Framework for Real-World OpenClaw Security Evaluation

2026 0 cit.
100%
tool

AJAR: Adaptive Jailbreak Architecture for Red-teaming

2026 0 cit.
100%
tool

AgentSight: System-Level Observability for AI Agents Using eBPF

2025 0 cit.
100%
tool

LAAF: Logic-layer Automated Attack Framework A Systematic Red-Teaming Methodology for LPCI Vulnerabilities in Agentic Large Language Model Systems

2026 0 cit.
92%
tool

MUZZLE: Adaptive Agentic Red-Teaming of Web Agents Against Indirect Prompt Injection Attacks

2026 0 cit.
92%
tool

"Your AI, My Shell": Demystifying Prompt Injection Attacks on Agentic AI Coding Editors

2025 1 cit.
92%
tool

Temporal Attack Pattern Detection in Multi-Agent AI Workflows: An Open Framework for Training Trace-Based Security Models

2025 0 cit.
85%