Intruder's AI 'vulnerability vending machine' finds a WordPress zero-day on its own

A security firm wired large language models into code-analysis tools and produced a working exploit for an unknown plugin flaw. It says more disclosures are on the way.

ThreatVectr Newsdesk· 4 min read
Photoreal editorial shot of a vintage red vending machine in a dim server room, glowing softly, dispensing translucent glass capsules that contain glowing circu
Share

Key points

  • Intruder, a UK-based security company, has built an automated system that pairs large language models with code-analysis techniques to hunt for software flaws.
  • The system found a previously unknown vulnerability, known as a zero-day, in a WordPress plugin and produced a working exploit without human help.
  • Intruder says further discoveries from the same pipeline are already going through responsible disclosure to affected vendors.
  • The project, first reported by BleepingComputer, hints at a shift where AI agents scale up bug-hunting work that used to need skilled researchers.
  • WordPress site owners should keep plugins updated automatically and remove any plugin they are not actively using.

Intruder has been quietly building something the rest of the security industry will want to poke at. The company calls it a "vulnerability vending machine": you feed it AI tokens, and out come zero-days.

A zero-day is a software flaw the maker does not yet know about, which means there is no patch when attackers start using it.

The pitch sounds like marketing. The proof, according to Intruder, is a real bug in a real WordPress plugin that its system found and exploited on its own.

How does an AI actually find a zero-day?

The system combines two ideas that have existed separately for years.

The first is code slicing. That is a technique where a tool pulls out only the parts of a program that handle a particular piece of data, so a reviewer can see the path from user input to something dangerous, like a database query or a file being written.

The second is a large language model, the same kind of AI that powers chatbots. On its own, an LLM is a poor bug hunter. It hallucinates. It invents functions that do not exist. It confidently reports flaws that are not there.

Intruder's trick is to stop asking the AI to read entire codebases. Instead, the slicer hands it small, focused chunks of code that follow one specific data flow. The AI then reasons about that narrow slice: can an attacker control this input, and does it reach somewhere it should not?

When the model thinks it has found something, the system tries to build a working exploit to prove it. If the exploit fires, the finding is real. If it does not, the report is thrown out. That single check kills most of the false alarms LLMs are famous for.

What did it actually find?

Intruder says the pipeline discovered a previously unknown vulnerability in a WordPress plugin and generated a working proof-of-concept exploit against it. The plugin vendor is going through the standard responsible disclosure process, where researchers give the maker time to patch before details go public.

The company says more bugs from the same system are already in the disclosure queue with other vendors.

Intruder has not published the CVE identifier yet. A CVE, short for Common Vulnerabilities and Exposures, is the industry's standard tracking number for a specific flaw. Once the patch ships, expect one to appear on the official CVE registry.

Why this matters beyond one plugin

WordPress runs a large share of the world's websites, and its plugin ecosystem is where most of its security problems live. Small plugins, written by hobbyists, rarely get professional code review. An AI that can review them at scale changes the maths for both defenders and attackers.

The uncomfortable part: the same approach works for whoever runs it. Intruder is a defensive company disclosing responsibly. Criminal groups with budget for AI tokens can build something similar and skip the disclosure step.

Expect more of these announcements through 2025. Google's Project Zero and others have published early results with related techniques. The vending-machine framing is new. The direction is not.

What site owners should do

If you run a WordPress site, turn on automatic updates for both WordPress core and every plugin. Delete plugins you installed once and forgot about; a disabled plugin can still be exploitable. Keep a backup you can actually restore from, stored somewhere the site itself cannot reach.

None of that is new advice. It is about to matter more.

© 2026 Threat Vectr