An autonomous AI agent earned $140,000 by hunting down and exploiting secret security flaws in the Windows operating system.
The SLYP agent discovered 16 new high-severity vulnerabilities in Windows binaries without any human help. It didn't just find the bugs; it autonomously navigated the deep internals of the operating system to create verified exploit code. Microsoft confirmed the findings, marking a massive leap in how we think about automated cyberattacks. This shift means that software companies are now in a race against AI systems that can find and weaponize flaws in seconds. It changes the security landscape from a human-led effort to a high-speed battle between autonomous agents.
Agentic Vulnerability Reasoning on Windows COM Binaries
arXiv · 2605.05000
Windows Component Object Model (COM) services run with elevated privileges and are widely accessible to authenticated users, making race conditions in these binaries a critical surface for local privilege escalation. We present SLYP, an end-to-end agentic pipeline that discovers race condition vulnerabilities in COM binaries and generates debugger-verified proof-of-concept (PoC) code. SLYP exposes binary exploration, COM inspection, and dynamic debugging as reusable tool interfaces, giving agent