{"id":"https://openalex.org/W7161056873","doi":"https://doi.org/10.48550/arxiv.2605.11086","title":"ExploitGym: Can AI Agents Turn Security Vulnerabilities into Real Attacks?","display_name":"ExploitGym: Can AI Agents Turn Security Vulnerabilities into Real Attacks?","publication_year":2026,"publication_date":"2026-05-11","ids":{"openalex":"https://openalex.org/W7161056873","doi":"https://doi.org/10.48550/arxiv.2605.11086"},"language":null,"primary_location":{"id":"doi:10.48550/arxiv.2605.11086","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2605.11086","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Preprint"},"type":"preprint","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://doi.org/10.48550/arxiv.2605.11086","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5136026168","display_name":"Zhun Wang","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Wang, Zhun","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5081483595","display_name":"Nico Schiller","orcid":"https://orcid.org/0009-0004-6401-5989"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Schiller, Nico","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5136088864","display_name":"Hongwei Li","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Li, Hongwei","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5136085823","display_name":"Srijiith Sesha Narayana","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Narayana, Srijiith Sesha","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5059480732","display_name":"Milad Nasr","orcid":"https://orcid.org/0000-0002-1913-6157"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Nasr, Milad","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5034257647","display_name":"Nicholas Carlini","orcid":"https://orcid.org/0000-0002-1463-3461"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Carlini, Nicholas","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5136075878","display_name":"Xiangyu Qi","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Qi, Xiangyu","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5136035439","display_name":"Eric Wallace","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Wallace, Eric","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5058819105","display_name":"Elie Bursztein","orcid":"https://orcid.org/0000-0003-0316-6906"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Bursztein, Elie","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5064912041","display_name":"Luca Invernizzi","orcid":"https://orcid.org/0000-0001-8420-0760"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Invernizzi, Luca","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5136082787","display_name":"Kurt Thomas","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Thomas, Kurt","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5026842092","display_name":"Yan Shoshitaishvili","orcid":"https://orcid.org/0000-0001-8832-1789"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Shoshitaishvili, Yan","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5136020372","display_name":"Wenbo Guo","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Guo, Wenbo","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5136001909","display_name":"Jingxuan He","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"He, Jingxuan","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5136003715","display_name":"Thorsten Holz","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Holz, Thorsten","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5136082073","display_name":"Dawn Song","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Song, Dawn","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":0,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":2,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.37070000171661377,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.37070000171661377,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.19290000200271606,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.1080000028014183,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.892300009727478},{"id":"https://openalex.org/keywords/testbed","display_name":"Testbed","score":0.6728000044822693},{"id":"https://openalex.org/keywords/task","display_name":"Task (project management)","score":0.5774000287055969},{"id":"https://openalex.org/keywords/workflow","display_name":"Workflow","score":0.5637999773025513},{"id":"https://openalex.org/keywords/benchmark","display_name":"Benchmark (surveying)","score":0.555899977684021},{"id":"https://openalex.org/keywords/javascript","display_name":"JavaScript","score":0.3797000050544739},{"id":"https://openalex.org/keywords/source-code","display_name":"Source code","score":0.3644999861717224},{"id":"https://openalex.org/keywords/attack-surface","display_name":"Attack surface","score":0.3458000123500824}],"concepts":[{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.892300009727478},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.718500018119812},{"id":"https://openalex.org/C31395832","wikidata":"https://www.wikidata.org/wiki/Q1318674","display_name":"Testbed","level":2,"score":0.6728000044822693},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6345999836921692},{"id":"https://openalex.org/C2780451532","wikidata":"https://www.wikidata.org/wiki/Q759676","display_name":"Task (project management)","level":2,"score":0.5774000287055969},{"id":"https://openalex.org/C177212765","wikidata":"https://www.wikidata.org/wiki/Q627335","display_name":"Workflow","level":2,"score":0.5637999773025513},{"id":"https://openalex.org/C185798385","wikidata":"https://www.wikidata.org/wiki/Q1161707","display_name":"Benchmark (surveying)","level":2,"score":0.555899977684021},{"id":"https://openalex.org/C544833334","wikidata":"https://www.wikidata.org/wiki/Q2005","display_name":"JavaScript","level":2,"score":0.3797000050544739},{"id":"https://openalex.org/C43126263","wikidata":"https://www.wikidata.org/wiki/Q128751","display_name":"Source code","level":2,"score":0.3644999861717224},{"id":"https://openalex.org/C2776576444","wikidata":"https://www.wikidata.org/wiki/Q303569","display_name":"Attack surface","level":2,"score":0.3458000123500824},{"id":"https://openalex.org/C20136886","wikidata":"https://www.wikidata.org/wiki/Q749647","display_name":"Interoperability","level":2,"score":0.3393999934196472},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.33079999685287476},{"id":"https://openalex.org/C195518309","wikidata":"https://www.wikidata.org/wiki/Q13424265","display_name":"Security testing","level":5,"score":0.29440000653266907},{"id":"https://openalex.org/C121822524","wikidata":"https://www.wikidata.org/wiki/Q5157582","display_name":"Computer security model","level":2,"score":0.28760001063346863},{"id":"https://openalex.org/C105339364","wikidata":"https://www.wikidata.org/wiki/Q2297740","display_name":"Software deployment","level":2,"score":0.28209999203681946},{"id":"https://openalex.org/C77109596","wikidata":"https://www.wikidata.org/wiki/Q4781497","display_name":"Application security","level":5,"score":0.2815999984741211},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.28119999170303345},{"id":"https://openalex.org/C71745522","wikidata":"https://www.wikidata.org/wiki/Q2476929","display_name":"Confidentiality","level":2,"score":0.27239999175071716},{"id":"https://openalex.org/C18762648","wikidata":"https://www.wikidata.org/wiki/Q42213","display_name":"Work (physics)","level":2,"score":0.2621000111103058},{"id":"https://openalex.org/C76178495","wikidata":"https://www.wikidata.org/wiki/Q4808784","display_name":"Asset (computer security)","level":2,"score":0.25859999656677246}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.48550/arxiv.2605.11086","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2605.11086","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"Preprint"}],"best_oa_location":{"id":"doi:10.48550/arxiv.2605.11086","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2605.11086","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Preprint"},"sustainable_development_goals":[{"score":0.6747323870658875,"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"AI":[0,106,248],"agents":[1,118],"are":[2,167,196],"rapidly":[3],"gaining":[4],"capabilities":[5,104],"that":[6,112,176],"could":[7],"significantly":[8],"reshape":[9],"cybersecurity,":[10],"making":[11],"rigorous":[12],"evaluation":[13,174],"urgent.":[14],"A":[15],"critical":[16],"capability":[17],"is":[18,24,43,68],"exploitation:":[19],"turning":[20],"a":[21,30,44,96,109,114,124,186],"vulnerability,":[22,115],"which":[23,206],"not":[25],"yet":[26],"an":[27,233],"attack,":[28],"into":[29,123],"concrete":[31],"security":[32,153],"impact,":[33],"such":[34],"as":[35,232],"unauthorized":[36],"file":[37],"access":[38],"or":[39],"code":[40],"execution.":[41],"Exploitation":[42],"particularly":[45],"challenging":[46],"task":[47],"because":[48],"it":[49,67,122],"requires":[50],"low-level":[51],"program":[52,110],"reasoning":[53],"(e.g.,":[54],"about":[55],"memory":[56],"layout),":[57],"runtime":[58],"adaptation,":[59],"and":[60,83,146,203,212,238],"sustained":[61],"progress":[62],"over":[63],"long":[64],"horizons.":[65],"Meanwhile,":[66],"inherently":[69],"dual-use,":[70],"supporting":[71],"defensive":[72],"workflows":[73],"while":[74,177],"lowering":[75],"the":[76,102,147,152,193,240],"barrier":[77],"for":[78,210,236],"offense.":[79],"Despite":[80],"its":[81],"importance":[82],"diagnostic":[84],"value,":[85],"exploitation":[86,103,178,237],"remains":[87,179],"under-evaluated.":[88],"To":[89],"address":[90],"this":[91],"gap,":[92],"we":[93],"introduce":[94],"ExploitGym,":[95],"large-scale,":[97],"diverse,":[98],"realistic":[99],"benchmark":[100,128],"on":[101,162],"of":[105,189],"agents.":[107,249],"Given":[108],"input":[111],"triggers":[113],"ExploitGym":[116,231],"tasks":[117],"with":[119,218],"progressively":[120],"extending":[121],"working":[125,208],"exploit.":[126],"The":[127],"comprises":[129],"898":[130],"instances":[131],"sourced":[132],"from":[133],"real-world":[134],"vulnerabilities":[135],"across":[136],"three":[137],"domains,":[138],"including":[139],"userspace":[140],"programs,":[141],"Google's":[142],"V8":[143],"JavaScript":[144],"engine,":[145],"Linux":[148],"kernel.":[149],"We":[150],"vary":[151],"protections":[154],"applied":[155],"to":[156],"each":[157],"instance,":[158],"isolating":[159],"their":[160],"impact":[161],"agent":[163],"performance.":[164],"All":[165],"configurations":[166,195],"packaged":[168],"in":[169],"reproducible":[170],"containerized":[171],"environments.":[172],"Our":[173],"shows":[175],"challenging,":[180],"frontier":[181],"models":[182,223],"can":[183],"successfully":[184],"exploit":[185],"non-trivial":[187,225],"fraction":[188],"vulnerabilities.":[190],"For":[191],"example,":[192],"strongest":[194],"Anthropic's":[197],"latest":[198],"model":[199],"Claude":[200],"Mythos":[201],"Preview":[202],"OpenAI's":[204],"GPT-5.5,":[205],"produce":[207],"exploits":[209],"157":[211],"120":[213],"instances,":[214],"respectively.":[215],"Notably,":[216],"even":[217],"widely":[219],"used":[220],"defenses":[221],"enabled,":[222],"retain":[224],"success":[226],"rates.":[227],"These":[228],"results":[229],"establish":[230],"effective":[234],"testbed":[235],"highlight":[239],"growing":[241],"cybersecurity":[242],"risks":[243],"posed":[244],"by":[245],"increasingly":[246],"capable":[247]},"counts_by_year":[{"year":2026,"cited_by_count":2}],"updated_date":"2026-07-01T06:00:48.157686","created_date":"2026-05-14T00:00:00"}
