Using Large Language Models to Accelerate Vulnerability Research, Reverse Engineering, and Offensive Security
Dedication
Introduction: The New Exploit Developer’s Toolkit
- How This Book Is Organized
- Who This Book Is For
- What This Book Does Not Cover
- A Note on Ethics and Responsibility
- How to Use This Book
Chapter 1: The New Exploit Developer’s Toolkit
- The New Reality: What Has Changed
- A Second Case: Finding a Linux Kernel Zero-Day with o3
- A Third Case: Autonomous Exploit Generation Against Modern Mitigations
- What AI Does Well: The Force Multiplier Effect
- Thinking About AI as a Tool, Not a Replacement
- A Note on Ethics and Responsibility
Chapter 2: Foundations of AI-Assisted Security Research
- How Transformers Work: Enough to Understand What They Can and Cannot Do
- Prompt-Based Inference vs. Fine-Tuning: Choosing Your Approach
- Prompt Engineering Paradigms for Security
- The Trust Boundary: Formalizing Human-AI Interaction
- Key Principles for Working with AI in Security Workflows
- Hands-On Lab: Evaluating LLM Output Reliability
Chapter 3: The Evolution of Automation in Security Research
- The Early Era: Signature-Based Detection and Rule Matching
- The Structural Analysis Era: Static and Dynamic Program Analysis
- The Generative AI Era: LLMs as Security Co-Pilots
- The Quantitative Leap: What AI Adds to Each Era
- Why AI Represents a Qualitative Shift
- The Limits of Automation: What No Paradigm Can Do
- Hands-On Lab: Tracing the Evolution of Automation
Chapter 4: Setting Up an AI-Augmented Research Environment
- The Landscape of AI Tools for Security Research
- Local LLM Deployment Options
- Cloud API Considerations
- Integrating AI with Reverse Engineering Platforms
- The Model Context Protocol: Connecting AI to Tools
- Operational Security for AI-Assisted Workflows
- Hands-On Lab: Deploying a Local AI Research Environment
Chapter 5: AI in Binary Analysis and Reverse Engineering
- Automated Function Identification and Naming
- Decompilation Refinement with LLMs
- Guided Reverse Engineering: Asking the Right Questions
- Case Study: AI-Assisted Analysis of XLoader 8.0
- Limitations and Failure Modes
- Hands-On Lab: AI-Assisted Binary Analysis with Evidence-First Prompting
Chapter 6: Vulnerability Discovery with AI and Fuzzing
- The State of AI-Guided Fuzzing
- Key Research: FuzzGPT, CHATAFL, TitanFuzz, and Beyond
- Performance Comparison: Traditional vs. AI-Guided Fuzzing
- The Validation Problem
- Static Analysis Augmentation with AI
- Web Application Vulnerability Discovery
- Case Study: Sean Heelan’s CVE-2025-37899 Discovery
- Hands-On Lab: AI-Guided Protocol Fuzzing with CHATAFL Principles
Chapter 7: Proof-of-Concept Exploit Development
- The Landscape: AI-Powered Exploit Development Platforms
- Shellcode Generation
- ROP Chain Construction
- Mitigation Bypass Techniques
- Case Study: Sean Heelan’s QuickJS Exploit Experiments
- Safety, Ethics, and Responsible Disclosure
- Hands-On Lab: Building an AI-Assisted Shellcode Test Harness
Chapter 8: Malware Analysis and AI-Assisted Triage
- The Malware Analysis Pipeline
- AI-Powered Initial Triage
- Benchmarking LLMs for Malware Triage
- Automated YARA Rule Generation
- Unpacking and Deobfuscation with AI
- Case Study: Rapid Triage of a New Malware Family
- Limitations and Risks
- Hands-On Lab: AI-Assisted Malware Triage with YARA Generation
Chapter 9: Web Application Exploit Development with AI
- The Web Application Attack Surface
- Burp Suite and AI Integration
- AI-Assisted Vulnerability Discovery Workflows
- Common Pitfalls and How to Avoid Them
- Hands-On Lab: AI-Assisted Web Application Vulnerability Discovery
Chapter 10: Advanced Workflows and Automation
- Building AI-Powered RE/ED Pipelines
- MCP-Enabled Tooling: Connecting LLMs to Debuggers and Disassemblers
- Automated Report Generation and Documentation
- Multi-Agent Workflows: Orchestrating Multiple AI Models
- Case Study: End-to-End AI-Assisted Vulnerability Research Pipeline
- Scaling Your Workflow: From Individual Researcher to Team Operations
Chapter 11: Operational Security and Risk Management
- The Data Flow Problem: What Goes Where, When, and Why
- Practitioner Pushback: Why Many Reverse Engineers Refuse AI
- Operational Security Protocols: A Practical Framework
- The Economic Reality of AI-Assisted Security Work
- Legal and Ethical Considerations
- Hands-On Lab: Building an OpSec-Secure AI Research Environment
Chapter 12: The Future of AI-Assisted Exploit Development
- Multimodal Models and Vision-Based Reverse Engineering
- Specialized Security LLMs: The Domain-Specific Revolution
- The Arms Race: AI-Assisted Attacks vs. AI-Assisted Defense
- Skills That Will Remain Valuable as AI Matures
- What the Next Five Years Look Like
- Preparing for the Future: A Strategic Framework
Chapter 13: Becoming the AI-Augmented Expert
- The Expert’s Mental Model: A Decision Framework
- The Iterative Refinement Loop
- Building Your Personal AI Toolkit
- The Professional’s Code: Ethical Guidelines for AI-Assisted Security Research
- The Long Game: Sustaining Effectiveness Over Time

