{"id":"https://openalex.org/W4385507608","doi":"https://doi.org/10.1145/3611643.3613083","title":"Getting pwn\u2019d by AI: Penetration Testing with Large Language Models","display_name":"Getting pwn\u2019d by AI: Penetration Testing with Large Language Models","publication_year":2023,"publication_date":"2023-11-30","ids":{"openalex":"https://openalex.org/W4385507608","doi":"https://doi.org/10.1145/3611643.3613083"},"language":"en","primary_location":{"id":"doi:10.1145/3611643.3613083","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3611643.3613083","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3611643.3613083","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 31st ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering","raw_type":"proceedings-article"},"type":"preprint","indexed_in":["arxiv","crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3611643.3613083","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5002108091","display_name":"Andreas Happe","orcid":"https://orcid.org/0009-0000-2484-0109"},"institutions":[{"id":"https://openalex.org/I145847075","display_name":"TU Wien","ror":"https://ror.org/04d836q62","country_code":"AT","type":"education","lineage":["https://openalex.org/I145847075"]}],"countries":["AT"],"is_corresponding":true,"raw_author_name":"Andreas Happe","raw_affiliation_strings":["TU Wien, Vienna, Austria"],"raw_orcid":"https://orcid.org/0009-0000-2484-0109","affiliations":[{"raw_affiliation_string":"TU Wien, Vienna, Austria","institution_ids":["https://openalex.org/I145847075"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5033732305","display_name":"J\u00fcrgen Cito","orcid":"https://orcid.org/0000-0001-8619-1271"},"institutions":[{"id":"https://openalex.org/I145847075","display_name":"TU Wien","ror":"https://ror.org/04d836q62","country_code":"AT","type":"education","lineage":["https://openalex.org/I145847075"]}],"countries":["AT"],"is_corresponding":false,"raw_author_name":"J\u00fcrgen Cito","raw_affiliation_strings":["TU Wien, Vienna, Austria"],"raw_orcid":"https://orcid.org/0000-0001-8619-1271","affiliations":[{"raw_affiliation_string":"TU Wien, Vienna, Austria","institution_ids":["https://openalex.org/I145847075"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5002108091"],"corresponding_institution_ids":["https://openalex.org/I145847075"],"apc_list":null,"apc_paid":null,"fwci":17.2112,"has_fulltext":true,"cited_by_count":101,"citation_normalized_percentile":{"value":0.99465234,"is_in_top_1_percent":true,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":98,"max":100},"biblio":{"volume":null,"issue":null,"first_page":"2082","last_page":"2086"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10028","display_name":"Topic Modeling","score":0.9958000183105469,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10028","display_name":"Topic Modeling","score":0.9958000183105469,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10181","display_name":"Natural Language Processing Techniques","score":0.9936000108718872,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9745000004768372,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6012972593307495},{"id":"https://openalex.org/keywords/penetration","display_name":"Penetration (warfare)","score":0.4269496202468872},{"id":"https://openalex.org/keywords/natural-language-processing","display_name":"Natural language processing","score":0.3891322910785675},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.3727225661277771},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.12563970685005188}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6012972593307495},{"id":"https://openalex.org/C80107235","wikidata":"https://www.wikidata.org/wiki/Q7162625","display_name":"Penetration (warfare)","level":2,"score":0.4269496202468872},{"id":"https://openalex.org/C204321447","wikidata":"https://www.wikidata.org/wiki/Q30642","display_name":"Natural language processing","level":1,"score":0.3891322910785675},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.3727225661277771},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.12563970685005188},{"id":"https://openalex.org/C42475967","wikidata":"https://www.wikidata.org/wiki/Q194292","display_name":"Operations research","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/3611643.3613083","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3611643.3613083","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3611643.3613083","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 31st ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering","raw_type":"proceedings-article"},{"id":"pmh:oai:arXiv.org:2308.00121","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2308.00121","pdf_url":"https://arxiv.org/pdf/2308.00121","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"}],"best_oa_location":{"id":"doi:10.1145/3611643.3613083","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3611643.3613083","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3611643.3613083","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 31st ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering","raw_type":"proceedings-article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4385507608.pdf"},"referenced_works_count":6,"referenced_works":["https://openalex.org/W3198377975","https://openalex.org/W3199400376","https://openalex.org/W4301393026","https://openalex.org/W4323037544","https://openalex.org/W4323355078","https://openalex.org/W4385849148"],"related_works":["https://openalex.org/W4391375266","https://openalex.org/W2748952813","https://openalex.org/W2390279801","https://openalex.org/W2358668433","https://openalex.org/W2376932109","https://openalex.org/W2001405890","https://openalex.org/W2382290278","https://openalex.org/W2478288626","https://openalex.org/W4391913857","https://openalex.org/W3204019825"],"abstract_inverted_index":{"The":[0],"field":[1],"of":[2,13,29,124],"software":[3],"security":[4,53],"testing,":[5,9],"more":[6],"specifically":[7],"penetration":[8,37],"requires":[10],"high":[11],"levels":[12],"expertise":[14],"and":[15,20,56,85,96,118],"involves":[16],"many":[17],"manual":[18],"testing":[19,54],"analysis":[21],"steps.":[22],"This":[23],"paper":[24],"explores":[25],"the":[26,66,87,91,106,122],"potential":[27],"use":[28,47],"large-language":[30],"models,":[31],"such":[32],"as":[33],"GPT3.5,":[34],"to":[35,89],"augment":[36],"testers":[38],"with":[39,77],"AI":[40,125],"sparring":[41,126],"partners.":[42,127],"We":[43,109],"explore":[44],"two":[45],"distinct":[46],"cases:":[48],"high-level":[49],"task":[50],"planning":[51],"for":[52,94,116],"assignments":[55],"low-level":[57,75],"vulnerability":[58],"hunting":[59],"within":[60,105],"a":[61,70,78],"vulnerable":[62,79],"virtual":[63,80,107],"machine.":[64,108],"For":[65],"latter,":[67],"we":[68],"implemented":[69],"closed-feedback":[71],"loop":[72],"between":[73],"LLM-generated":[74],"actions":[76],"machine":[81,92],"(connected":[82],"through":[83],"SSH)":[84],"allowed":[86],"LLM":[88],"analyze":[90],"state":[93],"vulnerabilities":[95],"suggest":[97],"concrete":[98],"attack":[99],"vectors":[100],"which":[101],"were":[102],"automatically":[103],"executed":[104],"discuss":[110],"promising":[111],"initial":[112],"results,":[113],"detail":[114],"avenues":[115],"improvement,":[117],"close":[119],"deliberating":[120],"on":[121],"ethics":[123]},"counts_by_year":[{"year":2026,"cited_by_count":11},{"year":2025,"cited_by_count":45},{"year":2024,"cited_by_count":40},{"year":2023,"cited_by_count":5}],"updated_date":"2026-01-23T23:20:30.427331","created_date":"2025-10-10T00:00:00"}