Intruder ships an LLM vuln-discovery product, plus a 0-day
Intruder shipped an LLM code-slicing pipeline that turned up a WordPress plugin zero-day, plus more bugs still under responsible disclosure.
Security vendor Intruder published a writeup on 2026-07-15 describing an internal system they call an “AI-powered vulnerability vending machine” — a pipeline that combines automated code slicing with LLM-driven reasoning to hunt for bugs in open-source projects. Their headline result: a previously undocumented zero-day in a WordPress plugin, plus an unspecified number of additional findings the company says are still under responsible disclosure with the affected maintainers. The plugin isn’t named. The mechanics aren’t reproduced. That reticence is the correct call, and it’s also what makes the announcement itself the story rather than any single bug.
What actually changed
The Intruder writeup is a vendor blog first and a technical paper a distant second, so the useful signal isn’t in the methodology — it’s in what’s being shipped. A commercial security vendor has stood up an internal offensive-research pipeline, driven by an LLM, that produces vulnerability disclosures at a rate low enough to responsibly hand each one to its upstream maintainer. That is a different posture from “we ran a scanner and here’s some findings.” It also lands in the same week Palo Alto Unit 42 documented TuxBot v3 shipping with an LLM’s raw chain-of-thought embedded in the binary, and the same week Microsoft credited AI-assisted triage for the record 570-CVE Patch Tuesday count. Three different sides of the same table, all pointing in roughly the same direction.
The framing Intruder chose — “AI tokens in, zero-days out” — is marketing, and it should be read as marketing. What it accidentally describes is real, though. The dollar cost of running a code-slice-and-reason pass across a mid-sized open-source project has, in the past year, dropped low enough that a mid-tier security company can do it as a side project and get publishable results. That is a different economic reality than the one that shaped the last two decades of vuln discovery.
Analysis
Vuln discovery has been getting cheaper for as long as anyone has been counting. Fuzzers replaced hand-auditing on exposed edges; sanitizer-guided fuzzing replaced dumb fuzzing; symbolic execution replaced sanitizer-guided fuzzing on specific bug classes. Every rung was somebody’s academic paper that became somebody else’s product that became a line item on someone’s budget. The LLM rung is not a rupture. It’s the same trajectory, just at a rate that startles people because the underlying substrate — attention layers over source code — was, five years ago, still an open research question.
The uncomfortable part of the trajectory isn’t the vending machine. It’s who is next to build one. Intruder is a security vendor doing responsible disclosure; that’s the version of this trajectory that goes into a blog post. The version that doesn’t go into a blog post is the same pipeline, running for someone whose disclosure model looks different. The TuxBot v3 developer already tried the offensive side of that, badly. Someone else, better funded and less careless, will try it well. The cost curve does not care whether the operator files with the vendor or with a broker.
The other uncomfortable part: none of this changes the defensive picture in the short term. If Intruder’s pipeline surfaces one zero-day in a plugin that ends up patched and quietly forgotten, the world is slightly better off. If it surfaces ten, and then the cost drops again, and a dozen other vendors run their own versions, the cumulative effect on maintainers of small open-source components is a paper somebody hasn’t written yet. The people already stretched thin managing one CVE a year could be looking at a rising baseline of disclosures they do not have the person-hours to answer. That is not a criticism of Intruder. It is what happens when a cost curve moves and the receiving side has not reorganized around it.
Where this fits
The correct read on the “vending machine” is not that AI is going to find every remaining bug, and not that LLM-assisted discovery is a hype cycle that will pass. Both of those framings age badly. The correct read is that the cost of finding a bug has moved again, and the people who have to respond to bug findings — maintainers, vendors, security teams inside deployment orgs — have not moved with it. That gap is the interesting one to watch over the next twelve months. The plugin whose CVE ID we do not yet know is a footnote. The publication is the datapoint.
Related coverage on this desk: Chaotic Eclipse’s post-Patch-Tuesday LegacyHive PoC drop (the human-researcher timeline, at speed) and Unit 42’s TuxBot v3 writeup (LLM-assisted code, from the other side of the disclosure line). Broader threat-intel tracking at /topics/threat-intel/.
Found this useful? Share it.


