During our monitoring of dark web forums, one case caught our attention: a threat actor shared in detail their methodology for using an open source project, originally developed for LLM system protection, to identify critical security flaws (and zero-days) in major open source projects.
What makes this discovery particularly concerning is the reaction it generated in the forum. Several other malicious actors confirmed success in their own attempts, reporting the discovery of new zero-day vulnerabilities in large-scale projects. This post marks a critical moment at the intersection of artificial intelligence and cybersecurity, where AI tools originally developed for protection are being subverted for malicious purposes.
Project Overview
The main innovation of the project itself lies in its capacity to automatically create and analyze large volumes of code. The project thoroughly examines the flow from user input to server output, identifying patterns that might indicate complex, multi-stage vulnerabilities that frequently escape traditional static analysis tools or pentest specialists, especially during our monitoring.

The tool was specifically designed to analyze GitHub repositories, requiring only an API key (from either Anthropic or OpenAI) and the local path to the target repository. A notable characteristic is the flexibility in choosing the language model: it supports Claude, GPT, and other LLMs. Internal tests indicate superior results with the Claude model, which is currently the best for code analysis.
In terms of functionality, the project generates detailed reports that include initial assessments by file, secondary analyses with contextual references of functions and classes, confidence scores for each identified vulnerability, and complete logs of the analysis process. A particularly useful aspect is the inclusion of proof of concept (PoC) for the vulnerabilities found.
The project currently has some limitations and focuses on seven main vulnerability classes:
- Local file include (LFI)
- Arbitrary file overwrite (AFO)
- Remote code execution (RCE)
- Cross-site scripting (XSS)
- SQL injection (SQLi)
- Server-side request forgery (SSRF)
- Insecure direct object reference (IDOR)

Currently, the project is limited to Python codebases, although there is a planned expansion by the developers for other languages in the future. This specialization allows for deeper and more precise analysis within the Python ecosystem.
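To make concrete what following the flow from user input to a sink means when it crosses a function boundary, and why a check confined to a single function misses it, here is an added example (not the project's code and not from the forum post). It swaps in a conventional AST taint pass rather than an LLM, runs on a constructed sample that maintainers could replace with their own code, and assumes that a parameter named `request` is the untrusted source and that the small `SINKS` table stands in for the vulnerability classes listed above.

```python
import ast

# Constructed sample (not from any real project): input crosses a function boundary.
SAMPLE = '''
def read_report(name):
    return open("/srv/reports/" + name).read()
def handler(request):
    name = request.args.get("file")
    return read_report(name)
def static_page(request):
    return open("/srv/reports/index.txt").read()
'''

SINKS = {"open": "LFI", "eval": "RCE", "system": "RCE"}  # illustrative subset

def names(node):
    return {n.id for n in ast.walk(node) if isinstance(n, ast.Name)}

def callee(call):
    return getattr(call.func, "id", None) or getattr(call.func, "attr", None)

def reach(func, tainted, funcs, follow_calls, depth=0):
    """Flow-insensitive taint: return [(function, sink, class)] hits."""
    tainted, changed = set(tainted), True
    assigns = [n for n in ast.walk(func) if isinstance(n, ast.Assign)]
    while changed:  # propagate taint through assignments to a fixpoint
        changed = False
        for a in assigns:
            new = set().union(*(names(t) for t in a.targets)) - tainted
            if new and names(a.value) & tainted:
                tainted |= new
                changed = True
    hits = []
    for call in (n for n in ast.walk(func) if isinstance(n, ast.Call)):
        name = callee(call)
        dirty = [i for i, arg in enumerate(call.args) if names(arg) & tainted]
        if name in SINKS and dirty:
            hits.append((func.name, name, SINKS[name]))
        elif follow_calls and name in funcs and dirty and depth < 5:
            # Map tainted positional arguments onto the callee's parameters.
            params = [p.arg for p in funcs[name].args.args]
            passed = {params[i] for i in dirty if i < len(params)}
            hits += reach(funcs[name], passed, funcs, follow_calls, depth + 1)
    return hits

def scan(source, follow_calls):
    """Treat a parameter named `request` as the untrusted source (assumption)."""
    funcs = {n.name: n for n in ast.walk(ast.parse(source))
             if isinstance(n, ast.FunctionDef)}
    return {f.name: reach(f, {"request"}, funcs, follow_calls)
            for f in funcs.values() if "request" in [p.arg for p in f.args.args]}
```

With `follow_calls=False` the handler looks clean because the sink lives in a helper; with `follow_calls=True` the same input is traced into `read_report` and reported.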

A practical example of the tool’s effectiveness that caught our attention was the discovery of a zero-day vulnerability in Ragflow, where it identified a critical remote code execution flaw. We also identified that the project not only detected the vulnerability but also provided a detailed analysis of the problem and a PoC script to be tested, demonstrating its capacity to not only identify but also document and validate potential vulnerabilities.
The Impact of AI on Security Flaw Discovery
The democratization of these technologies brings both opportunities and responsibilities. On one hand, researchers and security professionals now have access to more sophisticated tools to protect systems and applications. On the other hand, the ease of use of these tools demands an even greater commitment to ethical and responsible practices.
The future of cybersecurity is inevitably intertwined with artificial intelligence. How we manage solutions like the project mentioned here will define digital security standards for the coming decades. As these tools evolve, we must remain vigilant not only in identifying vulnerabilities but also in preserving the ethical principles that sustain our profession.
That’s why, while hackers use AI and exploit zero-day vulnerabilities, protecting your company requires more than traditional solutions. Proactive strategies and advanced technologies are essential to stay ahead.
At ZenoX, we are committed to helping companies like yours navigate this challenging landscape with security, confidence, and using Generative AI as a tool to combat cybercrime.