AI/LLM Security

LLM-assisted Pentesting

Turn the model around and it becomes the attacker's tool: a copilot that parses recon and drafts payloads, or an autonomous agent that runs the whole engagement with real tooling. The research is real: agents can exploit one-day vulnerabilities straight from a CVE write-up. But so are the limits and the footguns, including a target web page that prompt-injects your own offensive agent. Here is what these systems actually do, where they fail, and how to use them without getting burned.
