VEXAIoT Redefines IoT Cybersecurity: AI Agents Achieve 95% Success in Autonomous Vulnerability Exploitation + Video

Listen to this Post

Featured ImageIntroduction: A New Era of AI-Powered IoT Security Testing

The rapid growth of Internet of Things (IoT) devices has transformed homes, businesses, healthcare, manufacturing, and critical infrastructure. However, this technological expansion has also created one of the largest attack surfaces in modern cybersecurity. Millions of connected devices continue to rely on outdated firmware, weak passwords, insecure services, and poorly maintained software, making them attractive targets for cybercriminals.

Researchers are now exploring how artificial intelligence can strengthen security by automating penetration testing and vulnerability assessments. A newly developed framework named VEXAIoT represents a major milestone in this field. Rather than relying solely on human penetration testers, the system uses coordinated Large Language Model (LLM) agents capable of identifying vulnerabilities, planning attack strategies, executing exploits, and adapting based on previous outcomes. During laboratory testing, the framework achieved an impressive 95% overall success rate, demonstrating how AI is rapidly becoming a practical cybersecurity assistant for complex IoT environments.

VEXAIoT Introduces Autonomous Multi-Agent Cyber Operations

VEXAIoT was developed by Katherine Swinea and fellow researchers at Tennessee Tech University as a multi-agent framework specifically designed for Internet of Things penetration testing.

Instead of using a single AI model to perform every task, the researchers divided responsibilities between two specialized AI agents. One agent focuses entirely on reconnaissance and vulnerability analysis, while the second agent performs exploitation based on the information collected. This separation closely mirrors the workflow followed by experienced human penetration testers, allowing each AI agent to specialize while continuously sharing information.

The system demonstrated a remarkable 95% success rate across 260 separate attack executions, highlighting how AI-driven security automation is rapidly evolving beyond simple scripting into intelligent decision-making.

How the Two AI Agents Work Together

The first component of VEXAIoT is the Vulnerability Detection Agent.

This agent begins by scanning the target environment using Nmap, identifying open ports, running services, operating systems, and potential attack surfaces. After gathering reconnaissance data, it automatically compares discovered services against the Searchsploit exploit database to identify known vulnerabilities.

Rather than simply listing possible exploits, the collected intelligence is submitted to an advanced reasoning model—ChatGPT 5.1 Thinking—which analyzes the available information and produces a structured attack strategy tailored to the discovered environment.

Once the attack plan is complete, responsibility shifts to the Attack Execution Agent.

This second AI agent determines which offensive tools should be used for each vulnerability. Depending on the target, it may utilize utilities such as BetterCap, John the Ripper, or custom exploitation scripts. It generates executable commands, launches attacks, records the outcomes, and reports the results back to the detection agent.

This creates a continuous feedback loop where every successful exploit, failed attempt, or unexpected error becomes additional intelligence for refining future attack decisions.

Adaptive Feedback Makes VEXAIoT Different

Traditional penetration testing automation usually depends on predefined scripts.

VEXAIoT takes a completely different approach.

Instead of blindly executing a fixed sequence of commands, the framework evaluates the results after every attack attempt. If one exploit fails, the AI analyzes the reason for failure, modifies its strategy, and attempts alternative approaches when appropriate.

This adaptive behavior allows the framework to behave much more like an experienced human penetration tester who constantly adjusts techniques based on real-world conditions.

Such dynamic reasoning represents one of the most significant advances demonstrated by this research.

Testing the Framework Against Realistic IoT Targets

To evaluate its capabilities, researchers deployed VEXAIoT inside controlled laboratory environments rather than live production networks.

The primary testing platform was IoTGoat, an intentionally vulnerable OpenWrt-based router designed for IoT security education.

The testing environment consisted of three connected systems:

A Kali Linux machine hosting the AI agents

An Ubuntu 24.04.4 client generating realistic network traffic

The IoTGoat router acting as the vulnerable target

This architecture closely simulated realistic enterprise IoT communication rather than isolated vulnerability demonstrations.

Coverage Across the OWASP IoT Top 10

Researchers designed ten attack scenarios representing nearly the entire OWASP IoT Top 10 risk categories.

The AI framework successfully tested vulnerabilities involving:

Weak authentication

Insecure network services

Vulnerable ecosystem interfaces

Unsafe firmware updates

Outdated software components

Privacy weaknesses

Insecure data transmission

Poor device management

Insecure default configurations

The only category excluded from testing involved physical device hardening since VEXAIoT focuses exclusively on network and firmware-level attacks.

This broad coverage demonstrates that the framework is capable of addressing multiple categories of IoT security weaknesses rather than specializing in a single exploit type.

Outstanding Success Rates Across Hundreds of Attacks

Each IoTGoat scenario was executed twenty separate times, producing 200 individual attack attempts.

The Vulnerability Detection Agent successfully completed reconnaissance and attack planning in every single test, achieving a perfect planning success rate.

During exploitation, the Attack Execution Agent successfully completed 189 out of 200 attacks, producing an impressive 94.5% execution success rate.

Several attack scenarios achieved a perfect 100% success rate, including:

Cross-Site Scripting (XSS)

Developer backdoor access

Malicious firmware update execution

Personally Identifiable Information extraction

Log deletion

Remote Code Execution

These results demonstrate that AI agents can reliably perform many offensive cybersecurity tasks that previously required experienced human operators.

Additional Validation Using Metasploitable2

Researchers expanded testing beyond IoTGoat by evaluating the framework against the well-known Metasploitable2 vulnerable environment.

In this separate laboratory platform, VEXAIoT achieved an even higher 96.7% success rate.

Combining results from both testing environments produced the overall 95% attack success rate reported in the research.

This consistency suggests that the framework is not limited to a single laboratory configuration and can adapt across different vulnerable systems.

Where the AI Still Struggles

Although overall performance was impressive, not every attack executed flawlessly.

The weakest-performing scenarios involved:

MiniUPnP backdoor exploitation

DNS Denial-of-Service attacks

Both achieved approximately 80% success, primarily because these attacks depended on highly specific command syntax and sensitive service interactions.

Researchers also identified several recurring limitations.

Five failures resulted from AI-generated command syntax errors.

Another five occurred because the language model refused to execute certain offensive instructions.

Only one failure was attributed to AI hallucination, indicating that inaccurate reasoning was far less common than command-generation issues.

These findings highlight that while reasoning capabilities are becoming increasingly reliable, command validation remains an important challenge.

Implications for Future Cybersecurity

VEXAIoT demonstrates that AI agents are rapidly evolving from simple assistants into autonomous cybersecurity operators.

Rather than replacing human experts, frameworks like this can dramatically reduce repetitive work by automating reconnaissance, vulnerability validation, exploit selection, and attack execution inside controlled environments.

Security teams may eventually deploy similar systems to continuously assess corporate IoT infrastructure, identify emerging weaknesses, and generate remediation recommendations before attackers can exploit them.

However, the same technology also raises important ethical and defensive concerns.

Any system capable of automating offensive security operations could potentially be misused if deployed without appropriate safeguards.

The researchers therefore emphasize the importance of stronger validation mechanisms, defensive AI agents, robust safety controls, improved error recovery, and strict operational boundaries before such frameworks become widely adopted.

Deep Analysis

Command: Examine the Architecture

The decision to separate reconnaissance from exploitation reflects mature cybersecurity methodology. Instead of overwhelming one AI with every task, specialization improves reasoning quality while simplifying troubleshooting.

Command: Measure Practical Value

A 95% success rate is highly significant because penetration testing often requires repetitive manual effort. Automating much of this workflow could dramatically improve testing efficiency.

Command: Evaluate AI Reliability

The study shows that AI reasoning has become remarkably dependable during vulnerability discovery. Most failures occurred during command execution rather than strategic planning.

Command: Assess Offensive Risk

An autonomous exploitation framework introduces new security concerns. Similar technologies could be adopted by threat actors if safeguards fail to keep pace with AI development.

Command: Review Defensive Potential

The same architecture can strengthen cybersecurity by continuously scanning enterprise IoT deployments, validating security controls, and identifying weaknesses before attackers do.

Command: Analyze Error Sources

Syntax generation remains the largest operational weakness. Future versions will likely integrate stricter command verification before execution.

Command: Compare With Traditional Penetration Testing

Human penetration testers remain superior in creativity and contextual judgment, but AI agents can significantly reduce time spent on repetitive reconnaissance and exploitation tasks.

Command: Consider Enterprise Adoption

Organizations with thousands of IoT devices could benefit enormously from autonomous security validation, provided AI actions remain supervised.

Command: Study Scalability

Because VEXAIoT operates using modular agents, additional AI components could eventually perform reporting, remediation, compliance validation, and risk scoring automatically.

Command: Forecast AI Security Evolution

This research represents another step toward intelligent cybersecurity ecosystems where offensive and defensive AI agents continuously compete to improve organizational resilience.

What Undercode Say:

Artificial intelligence is steadily becoming one of the most influential technologies in cybersecurity, and VEXAIoT demonstrates exactly why. The framework moves beyond traditional automation by giving AI the ability to reason, plan, adapt, and execute attacks much like an experienced penetration tester.

The most impressive aspect is not the 95% success rate itself, but the architecture behind it. Separating planning from execution mirrors how professional red teams operate, making the system more resilient and easier to improve over time.

The research also reveals an important trend: AI is becoming better at strategic thinking than many expected. The vulnerability discovery phase achieved a perfect success rate, suggesting that modern language models can effectively interpret reconnaissance data and develop logical attack paths.

However, execution accuracy still requires refinement. Command syntax errors accounted for more failures than reasoning mistakes, indicating that operational precision—not intelligence—is currently the larger obstacle.

From a defensive perspective, organizations should pay close attention. Technologies like VEXAIoT could evolve into continuous security assessment platforms capable of testing thousands of IoT devices around the clock, identifying weaknesses long before attackers exploit them.

On the other hand, defenders must also recognize the dual-use nature of autonomous security tools. The same capabilities that help security teams improve resilience could also reduce the technical barrier for sophisticated cyberattacks if appropriate safeguards are absent.

Future iterations will likely integrate automated remediation, stronger command validation, defensive AI companions, and policy enforcement mechanisms that prevent unsafe actions. This evolution could transform penetration testing from a periodic exercise into a continuous, AI-assisted process.

Overall, VEXAIoT is less about replacing human experts and more about amplifying their capabilities. Human judgment, ethical oversight, and strategic decision-making remain essential, while AI increasingly handles repetitive, time-consuming technical operations. The research offers a compelling glimpse into the future of cybersecurity, where intelligent agents work alongside professionals to secure an ever-growing ecosystem of connected devices.

✅ Verified: The reported 95% overall success rate aligns with the research results from controlled laboratory experiments conducted on IoTGoat and Metasploitable2 test environments.

✅ Verified: The framework genuinely uses a two-agent architecture that separates vulnerability detection and attack execution while maintaining a continuous feedback loop.

❌ Not Yet Proven in Real-World Production: Although laboratory performance is highly promising, the research does not demonstrate that VEXAIoT can safely or consistently operate against complex production IoT environments without additional safeguards, validation, and defensive controls.

Prediction

(+1) Autonomous AI penetration testing platforms will become standard components of enterprise security operations, enabling continuous vulnerability discovery across massive IoT deployments with greater speed and consistency than manual assessments.

(-1) As offensive AI frameworks mature, cybercriminal groups may attempt to develop similar autonomous attack systems, increasing the sophistication and scale of attacks against vulnerable IoT ecosystems unless defensive AI evolves at an equal or faster pace.

▶️ Related Video (82% Match):

🕵️‍📝Let’s dive deep and fact‑check.

🎓 Live Courses & Certifications:

Join Undercode Academy for Verified Certifications

🚀 Request a Custom Project:

Secure, high-velocity infrastructure and disruptive technological engineering. Contact our engineering team for high-tier development and proprietary systems:
[email protected]
💎 Smart Architecture | 🛡️ Secure by Design | ⭐ Trusted by Thousands

References:

Reported By: cyberpress.org
Extra Source Hub (Possible Sources for article):
https://www.twitter.com
Wikipedia
OpenAi & Undercode AI

Image Source:

Unsplash
Undercode AI DI v2

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow UndercodeNews & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin | 🦋BlueSky | 🐘Mastodon | 📺Youtube