Mako: A Self-Evolving Agentic Operating System for Autonomous Web Exploitation
Jul 14, 2026
Researchers have introduced Mako, a self-evolving AI agent designed to autonomously exploit web vulnerabilities by treating its exploit capability as a mutable kernel. Mako achieved full coverage on 104 CTF-style web applications spanning 26 vulnerability classes, demonstrating the ability to autonomously discover and exploit a wide range of web vulnerabilities. Due to dual-use concerns, the authors have withheld operational details, payloads, and source code.
Why it matters: Mako's results highlight that once an exploit capability is available, the difficulty of autonomous exploitation collapses, raising significant security and safety concerns about the potential for automated offensive systems.
Full story at: arXiv Cryptography and Security ↗