T3MP3ST: AI Agents Find 0-Day Bugs, 90.1% Success

1h ago·0:00 listen·Source: CyberSecurityNews

Summary

A new open-source security framework called T3MP3ST is transforming existing AI coding agents into autonomous red-teaming operators. It uses tools like Claude Code, OpenAI’s Codex, and Hermes without needing new API keys or cloud infrastructure. Built by researcher elder-plinius, T3MP3ST coordinates multiple agent instances through a reconnaissance-to-exploit-to-report kill chain. Users point the framework at an authorized target, and their existing AI coding agent drives the mission. The framework claims a 90.1% pass@1 score on XBOW’s 104-challenge XBEN suite. On a separate set of 10 real CVEs disclosed in 2026, a single agent pinpointed 8 vulnerabilities to the exact file, line, and CWE classification. The broader tool pack surfaced all 10 results. This is significant because these bugs postdate the model's training cutoff, ruling out memorization. The framework maps an 8-operator kill chain onto MITRE ATT&CK tactics and the Cyber Kill Chain. Only the recon engine and single-agent exploit loop are currently benchmarked and stable. This development is important because it highlights the growing trend of AI-driven security tooling and autonomous red-teaming.

Read the full article on CyberSecurityNews

This is an AI-generated audio summary. Always check the original source for complete reporting.

Share
Keep Listening