← Back to brief
ResearchOfficialPreprintarXiv Cryptography and Security

LLM Agent SLYP Discovers 39 Zero-Day Vulnerabilities in Commercial Binaries

Jul 17, 2026

Researchers introduced SLYP, a REACT-style pipeline leveraging LLM agents for end-to-end vulnerability discovery in commercial off-the-shelf (COTS) binaries. SLYP identified all 64 vulnerable entry functions in a 20-object COM benchmark and generated debugger-verified proof-of-concept crashes for 67.5% of cases, outperforming default production agents. To date, SLYP has uncovered 39 zero-day vulnerabilities, with 23 assigned CVEs and $203,000 in bounty awards.

Why it matters: This work demonstrates a significant advance in automated vulnerability discovery, showing that LLM agents can effectively analyze and reason about vulnerabilities in stripped, optimized machine code where source code is unavailable.

Full story at: arXiv Cryptography and Security