{"id":"https://openalex.org/W7164578398","doi":"https://doi.org/10.48550/arxiv.2606.13079","title":"The Emergence of Autonomous Penetration Capabilities in Large Language Model-Powered AI Systems","display_name":"The Emergence of Autonomous Penetration Capabilities in Large Language Model-Powered AI Systems","publication_year":2026,"publication_date":"2026-06-11","ids":{"openalex":"https://openalex.org/W7164578398","doi":"https://doi.org/10.48550/arxiv.2606.13079"},"language":null,"primary_location":{"id":"doi:10.48550/arxiv.2606.13079","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2606.13079","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Preprint"},"type":"preprint","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://doi.org/10.48550/arxiv.2606.13079","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5121652333","display_name":"Jiaqi Luo","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Luo, Jiaqi","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5138554842","display_name":"Jiarun Dai","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Dai, Jiarun","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5137293037","display_name":"Zhile Chen","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Chen, Zhile","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5138529652","display_name":"Jia Xu","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Xu, Jia","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5112462500","display_name":"Weibing Wang","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Wang, Weibing","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5138486130","display_name":"Yawen Duan","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Duan, Yawen","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5087031022","display_name":"Brian Tse","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Tse, Brian","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5138537011","display_name":"Geng Hong","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Hong, Geng","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5138502158","display_name":"Xudong Pan","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Pan, Xudong","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5138548233","display_name":"Yuan Zhang","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Zhang, Yuan","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5138488855","display_name":"Min Yang","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Yang, Min","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":0,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.37229999899864197,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.37229999899864197,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.195700004696846,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.08619999885559082,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.8108000159263611},{"id":"https://openalex.org/keywords/server","display_name":"Server","score":0.5888000130653381},{"id":"https://openalex.org/keywords/adversarial-system","display_name":"Adversarial system","score":0.4934999942779541},{"id":"https://openalex.org/keywords/penetration","display_name":"Penetration (warfare)","score":0.40700000524520874},{"id":"https://openalex.org/keywords/construct","display_name":"Construct (python library)","score":0.37380000948905945},{"id":"https://openalex.org/keywords/autonomous-agent","display_name":"Autonomous agent","score":0.3612000048160553},{"id":"https://openalex.org/keywords/architecture","display_name":"Architecture","score":0.35519999265670776},{"id":"https://openalex.org/keywords/harm","display_name":"Harm","score":0.3172000050544739}],"concepts":[{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.8108000159263611},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6870999932289124},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.5992000102996826},{"id":"https://openalex.org/C93996380","wikidata":"https://www.wikidata.org/wiki/Q44127","display_name":"Server","level":2,"score":0.5888000130653381},{"id":"https://openalex.org/C37736160","wikidata":"https://www.wikidata.org/wiki/Q1801315","display_name":"Adversarial system","level":2,"score":0.4934999942779541},{"id":"https://openalex.org/C80107235","wikidata":"https://www.wikidata.org/wiki/Q7162625","display_name":"Penetration (warfare)","level":2,"score":0.40700000524520874},{"id":"https://openalex.org/C2780801425","wikidata":"https://www.wikidata.org/wiki/Q5164392","display_name":"Construct (python library)","level":2,"score":0.37380000948905945},{"id":"https://openalex.org/C13687954","wikidata":"https://www.wikidata.org/wiki/Q4826847","display_name":"Autonomous agent","level":2,"score":0.3612000048160553},{"id":"https://openalex.org/C123657996","wikidata":"https://www.wikidata.org/wiki/Q12271","display_name":"Architecture","level":2,"score":0.35519999265670776},{"id":"https://openalex.org/C2777363581","wikidata":"https://www.wikidata.org/wiki/Q15098235","display_name":"Harm","level":2,"score":0.3172000050544739},{"id":"https://openalex.org/C59519942","wikidata":"https://www.wikidata.org/wiki/Q650665","display_name":"Drone","level":2,"score":0.2994999885559082},{"id":"https://openalex.org/C77714075","wikidata":"https://www.wikidata.org/wiki/Q5452017","display_name":"Firewall (physics)","level":5,"score":0.29589998722076416},{"id":"https://openalex.org/C9628104","wikidata":"https://www.wikidata.org/wiki/Q788009","display_name":"Autonomous system (mathematics)","level":2,"score":0.2921000123023987},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.2874000072479248},{"id":"https://openalex.org/C63479239","wikidata":"https://www.wikidata.org/wiki/Q7353546","display_name":"Robustness (evolution)","level":3,"score":0.28049999475479126},{"id":"https://openalex.org/C103613024","wikidata":"https://www.wikidata.org/wiki/Q230924","display_name":"Stateless protocol","level":3,"score":0.2791000008583069},{"id":"https://openalex.org/C120314980","wikidata":"https://www.wikidata.org/wiki/Q180634","display_name":"Distributed computing","level":1,"score":0.2777999937534332},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.2761000096797943},{"id":"https://openalex.org/C2779797433","wikidata":"https://www.wikidata.org/wiki/Q632959","display_name":"Blacklisting","level":2,"score":0.2667999863624573},{"id":"https://openalex.org/C2780934415","wikidata":"https://www.wikidata.org/wiki/Q20997131","display_name":"Border Security","level":2,"score":0.26660001277923584},{"id":"https://openalex.org/C527821871","wikidata":"https://www.wikidata.org/wiki/Q228502","display_name":"Access control","level":2,"score":0.266400009393692},{"id":"https://openalex.org/C22927095","wikidata":"https://www.wikidata.org/wiki/Q1784206","display_name":"Stateful firewall","level":3,"score":0.26589998602867126},{"id":"https://openalex.org/C55166926","wikidata":"https://www.wikidata.org/wiki/Q2892946","display_name":"Oracle","level":2,"score":0.2524000108242035},{"id":"https://openalex.org/C506615639","wikidata":"https://www.wikidata.org/wiki/Q21662260","display_name":"Command and control","level":2,"score":0.25049999356269836}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.48550/arxiv.2606.13079","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2606.13079","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"Preprint"}],"best_oa_location":{"id":"doi:10.48550/arxiv.2606.13079","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2606.13079","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Preprint"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"Nowadays,":[0],"the":[1,18,43,80,116,157,169,200],"autonomous":[2,34,81,142,246],"execution":[3],"of":[4,7,17,45,74,84,147,164,171,195,212],"cyberattacks":[5],"capable":[6],"causing":[8],"substantial":[9],"real-world":[10],"harm":[11],"is":[12],"widely":[13],"regarded":[14],"as":[15],"one":[16],"critical":[19],"red":[20],"lines":[21],"that":[22,230,245],"frontier":[23],"AI":[24,47,85,121],"systems":[25,48,122],"must":[26],"not":[27],"cross.":[28],"Within":[29],"this":[30,126],"broader":[31,130],"red-line":[32],"scenario,":[33],"penetration":[35,82,143,234,247],"represents":[36],"a":[37,55,140,179,193,204,210],"core":[38,127],"enabling":[39],"capability":[40,128,248],"and":[41,62,65,109,112,152,186,225,228],"subtask:":[42],"ability":[44],"LLM-powered":[46],"to":[49,78,118,240,250],"independently":[50],"conduct":[51],"adversarial":[52],"operations":[53],"against":[54],"target":[56,150,165,197],"server":[57],"without":[58,174,216],"human":[59],"intervention,":[60],"identify":[61],"exploit":[63],"vulnerabilities,":[64],"obtain":[66],"unauthorized":[67],"access":[68],"or":[69,97,102],"control.":[70],"A":[71],"growing":[72],"body":[73],"work":[75],"has":[76],"sought":[77],"assess":[79],"capabilities":[83],"systems.":[86],"However,":[87],"existing":[88],"evaluations":[89],"often":[90],"employ":[91],"opaque":[92],"methodologies,":[93],"rely":[94],"on":[95,156,168],"unrealistic":[96],"overly":[98],"simplified":[99],"penetration-testing":[100],"scenarios,":[101],"provide":[103],"LLMs":[104],"with":[105,209],"excessive":[106],"prior":[107,219],"knowledge":[108],"task-specific":[110],"guidance,":[111],"cannot":[113],"accurately":[114],"capture":[115],"extent":[117],"which":[119],"modern":[120],"can":[123],"autonomously":[124],"perform":[125],"within":[129],"high-impact":[131],"cyberattack":[132],"scenarios.":[133],"To":[134],"address":[135],"these":[136],"limitations,":[137],"we":[138,160,243],"construct":[139],"new":[141],"evaluation":[144],"framework":[145],"consisting":[146],"two":[148,162],"components:":[149],"servers":[151],"agent":[153,201,206],"scaffolding.":[154],"Specifically,":[155],"target-server":[158],"side,":[159],"design":[161],"levels":[163],"environments":[166],"based":[167],"number":[170],"secure":[172,184,189],"services":[173],"known":[175],"vulnerabilities":[176],"deployed":[177],"alongside":[178,252],"vulnerable":[180],"service:":[181],"Tier~1":[182],"(one":[183],"service)":[185],"Tier~2":[187],"(three":[188],"services),":[190],"resulting":[191],"in":[192,254],"total":[194],"300":[196],"servers.":[198],"Meanwhile,":[199],"scaffolding":[202],"adopts":[203],"general-purpose":[205,213],"architecture":[207],"equipped":[208],"set":[211],"cybersecurity":[214],"tools,":[215],"any":[217],"target-specific":[218],"knowledge.":[220],"We":[221],"evaluate":[222],"19":[223],"open-weight":[224],"proprietary":[226],"LLMs,":[227],"find":[229],"current":[231],"models":[232],"achieve":[233],"success":[235],"rates":[236],"ranging":[237],"from":[238],"10.7%":[239],"69.3%.":[241],"Moreover,":[242],"observe":[244],"continues":[249],"improve":[251],"advances":[253],"overall":[255],"model":[256],"capability.":[257]},"counts_by_year":[],"updated_date":"2026-07-01T06:00:48.157686","created_date":"2026-06-13T00:00:00"}
