Abstract
Large language models have become practical tools for security vulnerability research, used by both professional researchers and less credentialed actors to accelerate code audits, generate proof-of-concept exploits, and identify attack surface in open-source software. The acceleration is real and documented: Google Project Zero has discussed LLM-assisted triage; independent researchers have published CVE discoveries credited to LLM-guided analysis. This creates a concrete tension in AI ethics: the same capability uplift that helps defenders find bugs before attackers do also shortens the time-to-exploit for anyone with API access, and the responsible disclosure norms that govern human security researchers have not been updated to address AI-assisted discovery.
The Uplift Asymmetry Problem
Traditional responsible disclosure timelines assume that finding a vulnerability requires significant expertise and time, creating a window in which defenders can patch before widespread exploitation. AI-assisted research compresses that expertise requirement in ways that are not symmetric between offense and defense. Generating a working exploit for a known vulnerability class in a newly audited codebase is a more bounded task than designing and maintaining a patch management program across a large software estate. Vendors operating patch cycles of 30-90 days designed for human-speed discovery face adversaries who may be able to reduce triage and weaponization time substantially. The CERT Coordination Center and CISA have not updated their coordinated vulnerability disclosure guidelines to address AI-accelerated discovery.
What Researchers Are Actually Doing
The practice among researchers using LLMs for vulnerability work varies widely. Some treat it as a triage accelerator: using models to identify candidate code paths that warrant manual audit, with the human doing the actual vulnerability confirmation. Others are using agentic frameworks - AutoGPT-style loops combined with fuzzing tools and symbolic execution - to run partially automated discovery pipelines. The latter creates a documentation problem for responsible disclosure: who is the discoverer of record, what was the discovery methodology, and how should the disclosure report characterize the role of automated tooling? Bug bounty programs at HackerOne and Bugcrowd have not published unified policies on AI-assisted submission.
A Disclosure Norm Update Is Overdue
A responsible disclosure norm updated for AI-assisted research would address at minimum: disclosure of whether AI tooling was used in discovery (for reproducibility and credit attribution), an adjustment to patching timelines that accounts for the possibility that the same AI-assisted technique is available to adversaries, and platform policies from bug bounty programs on AI-generated reports (which currently flood some programs with low-quality automated findings while high-quality AI-assisted findings go through the same triage queue). The ethics here are not about restricting AI use in security research; that ship has sailed. They are about adapting the coordination infrastructure that allows defenders to stay ahead of the curve.