An AI Agent That Found 28 Zero-Days in Windows — And What Made It Work episode artwork

EPISODE · May 7, 2026 · 21 MIN

An AI Agent That Found 28 Zero-Days in Windows — And What Made It Work

from AI Papers: A Deep Dive

An AI Agent That Found 28 Zero-Days in Windows — And What Made It Work Source: https://arxiv.org/abs/2605.05000 Paper was published on May 06, 2026 This episode was AI-generated on May 7, 2026. The script was written by an AI language model and the host voices were synthesized by Eleven Labs. The producer is not affiliated with Anthropic or Eleven Labs. Microsoft just paid $140,000 in bug bounties to an autonomous agent that found 28 previously unknown vulnerabilities in shipping Windows services and wrote working exploits for them. The same frontier models verified zero exploits with their default scaffolding and 26 with the right one — making this as much a story about tool design as about security. Key Takeaways: - How slyp's two-stage 'scout then sapper' architecture goes from decompiled binary to a working proof-of-concept exploit against live Windows services - Why three purpose-built tool servers — binary explorer, COM inspector, live debugger — turn out to matter more than raw model capability - The headline result: 27 of 40 benchmark cases solved with full tooling, versus 0 of 40 for production coding agents on default settings - Real-world deployment numbers: 28 confirmed zero-days, 16 CVEs, three of them low-integrity-to-SYSTEM escalations - Why static analyzers cap out around 0.30 F1 on this bug class while semantic reasoning over decompiled code reaches 0.97 - Honest limitations: benchmark circularity on most cases, 7–11 million tokens per case, and 'verified crash' is not yet weaponized RCE 00:00 - The bug class: races in Windows COM services: A walkthrough of the SetPrintTicket example showing how unlocked shared-pointer access in a multi-threaded service produces use-after-free and double-free primitives. 02:43 - Why traditional tools struggle here: Why fuzzers can't reliably hit race windows, why pattern-based static analyzers like COMRace miss bugs, and why manual reverse engineering doesn't scale. 05:27 - slyp's architecture: three tool servers behind the model: How the binary explorer, COM inspector, and dynamic debugger embed the mechanical work so the model spends tokens on semantic reasoning. 08:11 - Scout then sapper: the two-stage pipeline: How stage one produces a structured vulnerability report from binary exploration and stage two iterates compile-debug cycles to land a working exploit. 10:55 - Benchmark results and the scaffolding lesson: slyp hits 0.97 F1 on discovery and solves 27 of 40 exploit cases, while default coding agents on the same models verify zero — and the gap widens further on weaker models. 13:38 - Real-world deployment against Microsoft Windows: 28 confirmed vulnerabilities, 16 CVEs, $140,000 in bounties across nine services, including three direct low-integrity-to-SYSTEM escalations. 16:22 - Steelman critiques: Benchmark circularity, the in-house static analyzer comparison, the gap between verified crash and weaponized exploit, and the per-case token cost. 19:06 - What generalizes beyond security: Why closed-source binary analysis is now in reach for agents, what the offense-defense math implies, and what the scaffolding result means for anyone building agents. Recommended Reading: - SWE-agent: Agent-Computer Interfaces Enable Automated Software Engineering: Makes the same scaffolding-matters argument the episode highlights — that the interface between an LLM and its tools, not the model alone, determines agent capability. (https://arxiv.org/abs/2405.15793) - Project Naptime: Evaluating Offensive Security Capabilities of Large Language Models: Google Project Zero's framework for LLM-driven vulnerability research, a direct point of comparison for slyp's binary-explorer-plus-debugger architecture in the offensive security agent space. (https://googleprojectzero.blogspot.com/2024/06/project-naptime.html) - Teams of LLM Agents can Exploit Zero-Day Vulnerabilities: Earlier evidence for the offense-defense asymmetry the episode raises, focused on web vulnerabilities rather than closed-source Windows binaries. (https://arxiv.org/abs/2406.01637)

An AI Agent That Found 28 Zero-Days in Windows — And What Made It Work Source: https://arxiv.org/abs/2605.05000 Paper was published on May 06, 2026 This episode was AI-generated on May 7, 2026. The script was written by an AI language model and the host voices were synthesized by Eleven Labs. The producer is not affiliated with Anthropic or Eleven Labs. Microsoft just paid $140,000 in bug bounties to an autonomous agent that found 28 previously unknown vulnerabilities in shipping Windows services and wrote working exploits for them. The same frontier models verified zero exploits with their default scaffolding and 26 with the right one — making this as much a story about tool design as about security. Key Takeaways: - How slyp's two-stage 'scout then sapper' architecture goes from decompiled binary to a working proof-of-concept exploit against live Windows services - Why three purpose-built tool servers — binary explorer, COM inspector, live debugger — turn out to matter more than raw model capability - The headline result: 27 of 40 benchmark cases solved with full tooling, versus 0 of 40 for production coding agents on default settings - Real-world deployment numbers: 28 confirmed zero-days, 16 CVEs, three of them low-integrity-to-SYSTEM escalations - Why static analyzers cap out around 0.30 F1 on this bug class while semantic reasoning over decompiled code reaches 0.97 - Honest limitations: benchmark circularity on most cases, 7–11 million tokens per case, and 'verified crash' is not yet weaponized RCE 00:00 - The bug class: races in Windows COM services: A walkthrough of the SetPrintTicket example showing how unlocked shared-pointer access in a multi-threaded service produces use-after-free and double-free primitives. 02:43 - Why traditional tools struggle here: Why fuzzers can't reliably hit race windows, why pattern-based static analyzers like COMRace miss bugs, and why manual reverse engineering doesn't scale. 05:27 - slyp's architecture: three tool servers behind the model: How the binary explorer, COM inspector, and dynamic debugger embed the mechanical work so the model spends tokens on semantic reasoning. 08:11 - Scout then sapper: the two-stage pipeline: How stage one produces a structured vulnerability report from binary exploration and stage two iterates compile-debug cycles to land a working exploit. 10:55 - Benchmark results and the scaffolding lesson: slyp hits 0.97 F1 on discovery and solves 27 of 40 exploit cases, while default coding agents on the same models verify zero — and the gap widens further on weaker models. 13:38 - Real-world deployment against Microsoft Windows: 28 confirmed vulnerabilities, 16 CVEs, $140,000 in bounties across nine services, including three direct low-integrity-to-SYSTEM escalations. 16:22 - Steelman critiques: Benchmark circularity, the in-house static analyzer comparison, the gap between verified crash and weaponized exploit, and the per-case token cost. 19:06 - What generalizes beyond security: Why closed-source binary analysis is now in reach for agents, what the offense-defense math implies, and what the scaffolding result means for anyone building agents. Recommended Reading: - SWE-agent: Agent-Computer Interfaces Enable Automated Software Engineering: Makes the same scaffolding-matters argument the episode highlights — that the interface between an LLM and its tools, not the model alone, determines agent capability. (https://arxiv.org/abs/2405.15793) - Project Naptime: Evaluating Offensive Security Capabilities of Large Language Models: Google Project Zero's framework for LLM-driven vulnerability research, a direct point of comparison for slyp's binary-explorer-plus-debugger architecture in the offensive security agent space…

NOW PLAYING

An AI Agent That Found 28 Zero-Days in Windows — And What Made It Work

0:00 21:51

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

MG Show MG Show The MG Show, hosted by Jeffrey Pedersen and Shannon Townsend, is a leading alternative media platform dedicated to uncovering the truth behind today’s most pressing political issues. Launched in 2019, the show has grown exponentially, offering unfiltered insights, comprehensive research, and real-time analysis. With a commitment to independent journalism and factual integrity, the MG Show empowers its audience with knowledge and encourages active participation in the political discourse. Ask A Spaceman Archives - 365 Days of Astronomy Ask A Spaceman Archives - 365 Days of Astronomy Podcasting Astronomy Every Day of the Year French Your Way Jessica: Native French teacher founder of French Your Way Boost your French listening skills and test your comprehension with this one of a kind series of podcasts. Get the chance to listen to a real conversation between native speakers talking at normal speed AND customise your learning experience through carefully designed sets of questions (2 levels of difficulty) available for download at www.frenchvoicespodcast.com. All interviews also come with the transcript. French teacher Jessica interviews native speakers of French from around the world who share a bit of their life and passion. Where else would you meet in one same place a French yoga teacher based in Melbourne, a soap manufacturer from Provence, or a couple cycling around the world? The Small Business Startup School – Business Notes | Financial Literacy | Retail Psychology – For Professionals & Entrepreneurs The Small Business Startup School Inc. Starting or buying a small business? While personal circumstances may vary, business patterns remain timeless. On The Small Business Startup School, we explore strategies, insights, and practical solutions to help entrepreneurs confidently navigate their journey.Hosted by Ola Williams—a retail entrepreneur, fintech founder, and financial coach with over two decades of experience—this podcast marries financial awareness and retail psychology with optimism to deliver actionable takeaways.Join us to learn, grow, and connect as we uncover the keys to business success.Let’s continue to learn together and be encouraged to keep on connecting!

Frequently Asked Questions

How long is this episode of AI Papers: A Deep Dive?

This episode is 21 minutes long.

When was this AI Papers: A Deep Dive episode published?

This episode was published on May 7, 2026.

What is this episode about?

An AI Agent That Found 28 Zero-Days in Windows — And What Made It Work Source: https://arxiv.org/abs/2605.05000 Paper was published on May 06, 2026 This episode was AI-generated on May 7, 2026. The script was written by an AI language model and...

Is there a transcript available for this episode?

Yes, a full transcript is available for this episode. You can read the complete transcript on the episode page.

Can I download this AI Papers: A Deep Dive episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!