LLMs democratize software engineering by enabling non-programmers to create applications, but this same accessibility fundamentally undermines security assumptions that have guided software engineering for decades. We show in this work how publicly available LLMs can be socially engineered to transform novices into capable attackers, challenging the foundational principle that exploitation requires technical expertise. To that end, we propose RSA (Role-assignment, Scenario-pretexting, and Action-solicitation), a pretexting strategy that manipulates LLMs into generating functional exploits despite their safety mechanisms. Testing against Odoo, a widely used ERP platform, we evaluated five mainstream LLMs (GPT-4o, Gemini, Claude, Microsoft Copilot, and DeepSeek) and achieved a 100% success rate: every tested CVE yielded at least one working exploit within 3-4 prompting rounds. While prior work [13] found LLM-assisted attacks difficult and requiring manual effort, we demonstrate that this overhead can be eliminated entirely. Our findings invalidate core software engineering security principles: the distinction between technical and non-technical actors no longer provides valid threat models; technical complexity of vulnerability descriptions offers no protection when LLMs can abstract it away; and traditional security boundaries dissolve when the same tools that build software can be manipulated to break it. This represents a paradigm shift in software engineering: we must redesign security practices for an era where exploitation requires only the ability to craft prompts, not understand code. Artifacts available at: https://anonymous.4open.science/r/From-Rookie-to-Attacker-D8B3.