AI Hunts Zero-Days Solo: How 0day Rubbish Cracked Cisco CUCM with Multi-LLM Teamwork

Hacker News July 2026
Source: Hacker NewsAI securityArchive: July 2026
A new platform called 0day Rubbish has autonomously discovered and disclosed a critical zero-day vulnerability in Cisco Unified Communications Manager (CUCM) 14.0, achieving a CVSS score of 9.8. This marks the first known instance of a multi-LLM system independently chaining a six-stage attack from SQL injection to root access, signaling a paradigm shift in cybersecurity.

The cybersecurity landscape has been jolted by the emergence of 0day Rubbish, a platform that leverages multiple large language models (LLMs) to automate the discovery and disclosure of zero-day vulnerabilities. Its first public success: a critical remote code execution chain in Cisco CUCM 14.0, rated CVSS 9.8. The attack chain, spanning six stages from SQL injection to full root compromise, was executed without any human intervention. This achievement demonstrates that AI has moved beyond being a mere assistant for human analysts to becoming an autonomous offensive agent capable of deep architectural reasoning. The platform's 'risk-driven disclosure' strategy prioritizes releasing only vulnerabilities with high exploitability, which could pressure vendors into faster patching cycles. However, the same technology poses a grave risk: if AI can find zero-days for defenders, it can also weaponize them for attackers. The industry must now confront a new reality where the fastest way to find a vulnerability is to ask an AI.

Technical Deep Dive

The 0day Rubbish platform is not a single monolithic model but an orchestrated ensemble of specialized LLMs. The architecture employs a 'router' model that decomposes the high-level goal—find a remote code execution in CUCM 14.0—into sub-tasks: reconnaissance, fuzzing strategy, SQL injection analysis, privilege escalation, and payload generation. Each sub-task is assigned to a different LLM fine-tuned for that domain. For example, one model might specialize in parsing Cisco's proprietary Skinny Call Control Protocol (SCCP) messages, while another focuses on Linux kernel privilege escalation techniques.

The platform uses a feedback loop: intermediate results from one model are fed back into the router, which reassesses the overall plan. This is reminiscent of the 'ReAct' (Reasoning + Acting) pattern popularized by Google DeepMind, but scaled to a multi-agent system. The key innovation is the 'vulnerability chain synthesis' module, which takes the outputs of individual models (e.g., a SQL injection point, a file path, a SUID binary) and attempts to connect them into a coherent exploit chain. This requires the system to understand not just individual vulnerabilities, but their causal relationships within the target software's execution flow.

From an engineering perspective, the platform likely uses a combination of static and dynamic analysis. Static analysis involves feeding the LLMs decompiled code or API documentation (Cisco CUCM is based on Linux and uses a mix of Java and C++). Dynamic analysis involves running a sandboxed instance of CUCM 14.0 and probing it with generated inputs. The SQL injection stage, for instance, would require the LLM to understand the database schema (likely Informix or PostgreSQL) and craft a UNION-based injection that extracts password hashes. The final root escalation stage might involve exploiting a misconfigured cron job or a SUID binary like `sudo` or a custom Cisco tool.

A relevant open-source project that parallels this approach is 'AutoGPT' (GitHub: 160k+ stars), which uses GPT-4 to autonomously break down tasks. However, 0day Rubbish goes further by using multiple specialized models rather than a single generalist. Another project, 'PentestGPT' (GitHub: 7k+ stars), is a penetration testing tool that uses LLMs to guide human testers, but it does not autonomously chain exploits. The 0day Rubbish team has not open-sourced their platform, but their approach suggests a significant advancement in multi-agent reinforcement learning for cybersecurity.

| Feature | 0day Rubbish | PentestGPT | AutoGPT (Security) |
|---|---|---|---|
| Multi-LLM orchestration | Yes (router + specialized models) | No (single model) | No (single model) |
| Autonomous exploit chaining | Yes (6-stage chain) | No (human-in-loop) | Limited (task decomposition only) |
| Target specificity | High (CUCM 14.0) | General | General |
| Disclosure model | Risk-driven | N/A | N/A |
| Public repo | No | Yes (7k stars) | Yes (160k stars) |

Data Takeaway: 0day Rubbish's multi-LLM architecture is a step function beyond existing tools. While AutoGPT and PentestGPT demonstrate LLM reasoning, they lack the specialized model coordination required to chain complex, multi-stage exploits autonomously.

Key Players & Case Studies

The 0day Rubbish platform was developed by a pseudonymous group of researchers operating under the handle '0day Rubbish Team.' Their identity remains unknown, but their work has been validated by independent security researchers who confirmed the CUCM vulnerability chain. The target, Cisco CUCM 14.0, is a widely deployed VoIP and unified communications server used by enterprises globally. Cisco's PSIRT (Product Security Incident Response Team) has been notified and is reportedly working on a patch.

This is not the first AI-driven vulnerability discovery, but it is the most complete. Previous efforts include:

- Microsoft's Project 2020: Used a machine learning model to detect SQL injection and cross-site scripting in Bing, but it was a classifier, not an exploit generator.
- DARPA's Cyber Grand Challenge (2016): Automated systems like 'Mayhem' could find and patch bugs, but they operated in a constrained CTF environment, not against a real-world enterprise product.
- Google's Big Sleep (2024): Used Gemini to find a stack buffer overflow in SQLite, but the exploit chain was not fully autonomous—it required human analysis to confirm.

The 0day Rubbish case is different because the AI completed the entire kill chain without human intervention. This has immediate implications for the bug bounty industry. Platforms like HackerOne and Bugcrowd rely on human researchers to find vulnerabilities. If AI can replicate this process at scale, the value of human bug hunters for certain classes of vulnerabilities may decline. However, AI still struggles with logic flaws that require deep business context, so human expertise will remain valuable for complex web applications and business logic bugs.

| Vulnerability Discovery Method | Time to Find CUCM-level Zero-Day | Cost | Human Effort |
|---|---|---|---|
| Traditional human researcher | 2-6 months | $50k-$200k (bounty) | High |
| Automated fuzzing (e.g., AFL) | 1-3 months (if source code available) | $5k (cloud compute) | Medium (setup) |
| 0day Rubbish (AI) | ~2 weeks (estimated) | $10k (LLM API costs) | Low (monitoring) |

Data Takeaway: The AI-driven approach slashes discovery time by an order of magnitude and reduces cost by 80-95% compared to traditional human-led discovery. This will force bug bounty platforms to rethink their pricing and incentive models.

Industry Impact & Market Dynamics

The immediate market impact is a disruption of the vulnerability research ecosystem. Companies like CrowdStrike, Palo Alto Networks, and Mandiant have invested heavily in human-led threat research. If AI platforms like 0day Rubbish become commoditized, these firms will need to either acquire similar AI capabilities or risk being outpaced in finding zero-days for their own products.

For enterprise security teams, the implication is clear: they can now deploy AI to continuously scan their own infrastructure for zero-days, rather than waiting for external researchers or attackers to find them. This aligns with the 'proactive defense' trend, but it also introduces a new risk: the AI might find a vulnerability that the enterprise cannot patch quickly, creating a 'known vulnerability window' that attackers could exploit.

The 'risk-driven disclosure' model of 0day Rubbish is particularly interesting. Instead of dumping all vulnerabilities publicly (full disclosure), the platform assesses the exploitability and impact. High-risk vulnerabilities are disclosed to the vendor first with a 90-day deadline; lower-risk ones may be published immediately. This is similar to Google's Project Zero policy but automated. This could lead to faster patching cycles, as vendors cannot ignore a vulnerability that an AI has already weaponized.

| Market Segment | Current State | Post-0day Rubbish Prediction | Timeline |
|---|---|---|---|
| Bug Bounty Platforms | Human-only | Hybrid (AI + human) | 1-2 years |
| Enterprise Security Teams | Reactive patching | Proactive AI scanning | 2-3 years |
| Vulnerability Research Firms | Human-led | AI-assisted or AI-led | 3-5 years |
| Attack Tool Market | Manual exploit kits | AI-generated zero-day chains | 1-2 years |

Data Takeaway: The market for AI-driven vulnerability discovery is nascent but poised for explosive growth. We predict a 10x increase in the number of zero-days discovered by AI within the next 18 months, driven by falling LLM costs and improved multi-agent coordination.

Risks, Limitations & Open Questions

The most obvious risk is the dual-use nature of this technology. The same platform that Cisco can use to find bugs in its own software can be used by nation-state actors to find zero-days in their adversaries' systems. The barrier to entry is low: anyone with access to LLM APIs and a target software instance can attempt to replicate this. This democratization of zero-day discovery is a double-edged sword.

There are also technical limitations. The 0day Rubbish platform succeeded against CUCM 14.0, which is a known product with extensive documentation. How well would it perform against a closed-source, obfuscated binary like a SCADA system or a custom embedded device? The LLMs' ability to reason about proprietary protocols without documentation is unproven. Additionally, the platform's reliance on LLMs means it inherits their biases and hallucinations. A model might generate a plausible-looking exploit chain that does not actually work, wasting compute resources and potentially causing false alarms.

Ethically, the 'risk-driven disclosure' policy raises questions. Who decides what constitutes 'high risk'? If the AI deems a vulnerability too dangerous to disclose, does that suppress security research? There is also the question of liability: if a company uses 0day Rubbish and the AI accidentally crashes a production system during testing, who is responsible?

Open Questions:
- Can this approach be generalized to non-web targets (e.g., kernel drivers, IoT firmware)?
- How do we prevent attackers from using the same platform to find zero-days in critical infrastructure?
- Will LLM providers (OpenAI, Anthropic, Google) implement safeguards to prevent their models from being used for autonomous exploit generation?

AINews Verdict & Predictions

The 0day Rubbish platform is a watershed moment. It proves that AI can autonomously discover and exploit zero-day vulnerabilities in complex enterprise software. We are moving from 'AI as a tool' to 'AI as an agent' in cybersecurity. Our predictions are as follows:

1. Within 12 months, at least three major cybersecurity vendors will announce their own multi-LLM vulnerability discovery platforms. Expect acquisitions of small AI security startups.
2. Within 24 months, the first 'AI vs. AI' zero-day race will occur, where an attacker's AI discovers a vulnerability and a defender's AI patches it before human intervention.
3. The bug bounty market will bifurcate: low-hanging fruit (SQLi, XSS) will be fully automated by AI, while high-value logic bugs and architectural flaws will remain the domain of human experts, commanding higher bounties.
4. Regulatory pressure will increase: Governments will likely mandate that critical infrastructure operators deploy AI-driven vulnerability scanning, similar to how they mandate regular penetration testing today.

The genie is out of the bottle. The question is not whether AI will find zero-days, but how we will manage the speed and scale of discovery. The winners will be those who embrace AI as both a sword and a shield.

More from Hacker News

UntitledThe consumer AI market is experiencing a profound and largely unexamined drought. While enterprise AI agents and B2B SaaUntitledEven Realities, a company known for minimalist smart glasses, has unveiled Terminal Mode—a software update that redefineUntitledFor years, large language models have been black boxes: we feed them a prompt, they output a response, and the internal Open source hub5660 indexed articles from Hacker News

Related topics

AI security64 related articles

Archive

July 2026599 published articles

Further Reading

Copilot Gets Security Hunter: Anthropic's Bug-Finding Framework Ported to Microsoft's AIA developer has ported Anthropic's autonomous vulnerability discovery framework from Claude Code to GitHub Copilot CLI, LLM-Discovered FreeBSD Bug Stopped by CHERI Hardware: A Security Paradigm ShiftFor the first time, a large language model discovered a critical memory corruption vulnerability in FreeBSD, but the attChina's Z.Ai and 360 Claim AI Security Models Rival Anthropic's Mythos: A New Cyber EraTwo Chinese cybersecurity firms, Z.Ai and 360, have independently declared that their proprietary AI models for threat dAnthropic vs Alibaba: The Model Extraction Crisis That Changes AI Security ForeverAnthropic has leveled a bombshell accusation against Alibaba, alleging the Chinese tech giant illegally extracted core c

常见问题

这次模型发布“AI Hunts Zero-Days Solo: How 0day Rubbish Cracked Cisco CUCM with Multi-LLM Teamwork”的核心内容是什么?

The cybersecurity landscape has been jolted by the emergence of 0day Rubbish, a platform that leverages multiple large language models (LLMs) to automate the discovery and disclosu…

从“How does multi-LLM vulnerability discovery work?”看,这个模型发布为什么重要?

The 0day Rubbish platform is not a single monolithic model but an orchestrated ensemble of specialized LLMs. The architecture employs a 'router' model that decomposes the high-level goal—find a remote code execution in C…

围绕“What is the risk of AI finding zero-days for attackers?”,这次模型更新对开发者和企业有什么影响?

开发者通常会重点关注能力提升、API 兼容性、成本变化和新场景机会,企业则会更关心可替代性、接入门槛和商业化落地空间。