Listen to this Post
Introduction: A New Era of AI-Powered IoT Security Testing
The rapid growth of Internet of Things (IoT) devices has transformed homes, businesses, healthcare, manufacturing, and critical infrastructure. However, this technological expansion has also created one of the largest attack surfaces in modern cybersecurity. Millions of connected devices continue to rely on outdated firmware, weak passwords, insecure services, and poorly maintained software, making them attractive targets for cybercriminals.
Researchers are now exploring how artificial intelligence can strengthen security by automating penetration testing and vulnerability assessments. A newly developed framework named VEXAIoT represents a major milestone in this field. Rather than relying solely on human penetration testers, the system uses coordinated Large Language Model (LLM) agents capable of identifying vulnerabilities, planning attack strategies, executing exploits, and adapting based on previous outcomes. During laboratory testing, the framework achieved an impressive 95% overall success rate, demonstrating how AI is rapidly becoming a practical cybersecurity assistant for complex IoT environments.
VEXAIoT Introduces Autonomous Multi-Agent Cyber Operations
VEXAIoT was developed by Katherine Swinea and fellow researchers at Tennessee Tech University as a multi-agent framework specifically designed for Internet of Things penetration testing.
Instead of using a single AI model to perform every task, the researchers divided responsibilities between two specialized AI agents. One agent focuses entirely on reconnaissance and vulnerability analysis, while the second agent performs exploitation based on the information collected. This separation closely mirrors the workflow followed by experienced human penetration testers, allowing each AI agent to specialize while continuously sharing information.
The system demonstrated a remarkable 95% success rate across 260 separate attack executions, highlighting how AI-driven security automation is rapidly evolving beyond simple scripting into intelligent decision-making.
How the Two AI Agents Work Together
The first component of VEXAIoT is the Vulnerability Detection Agent.
This agent begins by scanning the target environment using Nmap, identifying open ports, running services, operating systems, and potential attack surfaces. After gathering reconnaissance data, it automatically compares discovered services against the Searchsploit exploit database to identify known vulnerabilities.
Rather than simply listing possible exploits, the collected intelligence is submitted to an advanced reasoning model—ChatGPT 5.1 Thinking—which analyzes the available information and produces a structured attack strategy tailored to the discovered environment.
Once the attack plan is complete, responsibility shifts to the Attack Execution Agent.
This second AI agent determines which offensive tools should be used for each vulnerability. Depending on the target, it may utilize utilities such as BetterCap, John the Ripper, or custom exploitation scripts. It generates executable commands, launches attacks, records the outcomes, and reports the results back to the detection agent.
This creates a continuous feedback loop where every successful exploit, failed attempt, or unexpected error becomes additional intelligence for refining future attack decisions.
Adaptive Feedback Makes VEXAIoT Different
Traditional penetration testing automation usually depends on predefined scripts.
VEXAIoT takes a completely different approach.
Instead of blindly executing a fixed sequence of commands, the framework evaluates the results after every attack attempt. If one exploit fails, the AI analyzes the reason for failure, modifies its strategy, and attempts alternative approaches when appropriate.
This adaptive behavior allows the framework to behave much more like an experienced human penetration tester who constantly adjusts techniques based on real-world conditions.
Such dynamic reasoning represents one of the most significant advances demonstrated by this research.
Testing the Framework Against Realistic IoT Targets
To evaluate its capabilities, researchers deployed VEXAIoT inside controlled laboratory environments rather than live production networks.
The primary testing platform was IoTGoat, an intentionally vulnerable OpenWrt-based router designed for IoT security education.
The testing environment consisted of three connected systems:
A Kali Linux machine hosting the AI agents
An Ubuntu 24.04.4 client generating realistic network traffic
The IoTGoat router acting as the vulnerable target
This architecture closely simulated realistic enterprise IoT communication rather than isolated vulnerability demonstrations.
Coverage Across the OWASP IoT Top 10
Researchers designed ten attack scenarios representing nearly the entire OWASP IoT Top 10 risk categories.
The AI framework successfully tested vulnerabilities involving:
Weak authentication
Insecure network services
Vulnerable ecosystem interfaces
Unsafe firmware updates
Outdated software components
Privacy weaknesses
Insecure data transmission
Poor device management
Insecure default configurations
The only category excluded from testing involved physical device hardening since VEXAIoT focuses exclusively on network and firmware-level attacks.
This broad coverage demonstrates that the framework is capable of addressing multiple categories of IoT security weaknesses rather than specializing in a single exploit type.
Outstanding Success Rates Across Hundreds of Attacks
Each IoTGoat scenario was executed twenty separate times, producing 200 individual attack attempts.
The Vulnerability Detection Agent successfully completed reconnaissance and attack planning in every single test, achieving a perfect planning success rate.
During exploitation, the Attack Execution Agent successfully completed 189 out of 200 attacks, producing an impressive 94.5% execution success rate.
Several attack scenarios achieved a perfect 100% success rate, including:
Cross-Site Scripting (XSS)
Developer backdoor access
Malicious firmware update execution
Personally Identifiable Information extraction
Log deletion
Remote Code Execution
These results demonstrate that AI agents can reliably perform many offensive cybersecurity tasks that previously required experienced human operators.
Additional Validation Using Metasploitable2
Researchers expanded testing beyond IoTGoat by evaluating the framework against the well-known Metasploitable2 vulnerable environment.
In this separate laboratory platform, VEXAIoT achieved an even higher 96.7% success rate.
Combining results from both testing environments produced the overall 95% attack success rate reported in the research.
This consistency suggests that the framework is not limited to a single laboratory configuration and can adapt across different vulnerable systems.
Where the AI Still Struggles
Although overall performance was impressive, not every attack executed flawlessly.
The weakest-performing scenarios involved:
MiniUPnP backdoor exploitation
DNS Denial-of-Service attacks
Both achieved approximately 80% success, primarily because these attacks depended on highly specific command syntax and sensitive service interactions.
Researchers also identified several recurring limitations.
Five failures resulted from AI-generated command syntax errors.
Another five occurred because the language model refused to execute certain offensive instructions.
Only one failure was attributed to AI hallucination, indicating that inaccurate reasoning was far less common than command-generation issues.
These findings highlight that while reasoning capabilities are becoming increasingly reliable, command validation remains an important challenge.
Implications for Future Cybersecurity
VEXAIoT demonstrates that AI agents are rapidly evolving from simple assistants into autonomous cybersecurity operators.
Rather than replacing human experts, frameworks like this can dramatically reduce repetitive work by automating reconnaissance, vulnerability validation, exploit selection, and attack execution inside controlled environments.
Security teams may eventually deploy similar systems to continuously assess corporate IoT infrastructure, identify emerging weaknesses, and generate remediation recommendations before attackers can exploit them.
However, the same technology also raises important ethical and defensive concerns.
Any system capable of automating offensive security operations could potentially be misused if deployed without appropriate safeguards.
The researchers therefore emphasize the importance of stronger validation mechanisms, defensive AI agents, robust safety controls, improved error recovery, and strict operational boundaries before such frameworks become widely adopted.
Deep Analysis
Command: Examine the Architecture
The decision to separate reconnaissance from exploitation reflects mature cybersecurity methodology. Instead of overwhelming one AI with every task, specialization improves reasoning quality while simplifying troubleshooting.
Command: Measure Practical Value
A 95% success rate is highly significant because penetration testing often requires repetitive manual effort. Automating much of this workflow could dramatically improve testing efficiency.
Command: Evaluate AI Reliability
The study shows that AI reasoning has become remarkably dependable during vulnerability discovery. Most failures occurred during command execution rather than strategic planning.
Command: Assess Offensive Risk
An autonomous exploitation framework introduces new security concerns. Similar technologies could be adopted by threat actors if safeguards fail to keep pace with AI development.
Command: Review Defensive Potential
The same architecture can strengthen cybersecurity by continuously scanning enterprise IoT deployments, validating security controls, and identifying weaknesses before attackers do.
Command: Analyze Error Sources
Syntax generation remains the largest operational weakness. Future versions will likely integrate stricter command verification before execution.
Command: Compare With Traditional Penetration Testing
Human penetration testers remain superior in creativity and contextual judgment, but AI agents can significantly reduce time spent on repetitive reconnaissance and exploitation tasks.
Command: Consider Enterprise Adoption
Organizations with thousands of IoT devices could benefit enormously from autonomous security validation, provided AI actions remain supervised.
Command: Study Scalability
Because VEXAIoT operates using modular agents, additional AI components could eventually perform reporting, remediation, compliance validation, and risk scoring automatically.
Command: Forecast AI Security Evolution
This research represents another step toward intelligent cybersecurity ecosystems where offensive and defensive AI agents continuously compete to improve organizational resilience.
What Undercode Say:
Artificial intelligence is steadily becoming one of the most influential technologies in cybersecurity, and VEXAIoT demonstrates exactly why. The framework moves beyond traditional automation by giving AI the ability to reason, plan, adapt, and execute attacks much like an experienced penetration tester.
The most impressive aspect is not the 95% success rate itself, but the architecture behind it. Separating planning from execution mirrors how professional red teams operate, making the system more resilient and easier to improve over time.
The research also reveals an important trend: AI is becoming better at strategic thinking than many expected. The vulnerability discovery phase achieved a perfect success rate, suggesting that modern language models can effectively interpret reconnaissance data and develop logical attack paths.
However, execution accuracy still requires refinement. Command syntax errors accounted for more failures than reasoning mistakes, indicating that operational precision—not intelligence—is currently the larger obstacle.
From a defensive perspective, organizations should pay close attention. Technologies like VEXAIoT could evolve into continuous security assessment platforms capable of testing thousands of IoT devices around the clock, identifying weaknesses long before attackers exploit them.
On the other hand, defenders must also recognize the dual-use nature of autonomous security tools. The same capabilities that help security teams improve resilience could also reduce the technical barrier for sophisticated cyberattacks if appropriate safeguards are absent.
Future iterations will likely integrate automated remediation, stronger command validation, defensive AI companions, and policy enforcement mechanisms that prevent unsafe actions. This evolution could transform penetration testing from a periodic exercise into a continuous, AI-assisted process.
Overall, VEXAIoT is less about replacing human experts and more about amplifying their capabilities. Human judgment, ethical oversight, and strategic decision-making remain essential, while AI increasingly handles repetitive, time-consuming technical operations. The research offers a compelling glimpse into the future of cybersecurity, where intelligent agents work alongside professionals to secure an ever-growing ecosystem of connected devices.
✅ Verified: The reported 95% overall success rate aligns with the research results from controlled laboratory experiments conducted on IoTGoat and Metasploitable2 test environments.
✅ Verified: The framework genuinely uses a two-agent architecture that separates vulnerability detection and attack execution while maintaining a continuous feedback loop.
❌ Not Yet Proven in Real-World Production: Although laboratory performance is highly promising, the research does not demonstrate that VEXAIoT can safely or consistently operate against complex production IoT environments without additional safeguards, validation, and defensive controls.
Prediction
(+1) Autonomous AI penetration testing platforms will become standard components of enterprise security operations, enabling continuous vulnerability discovery across massive IoT deployments with greater speed and consistency than manual assessments.
(-1) As offensive AI frameworks mature, cybercriminal groups may attempt to develop similar autonomous attack systems, increasing the sophistication and scale of attacks against vulnerable IoT ecosystems unless defensive AI evolves at an equal or faster pace.
▶️ Related Video (82% Match):
🕵️📝Let’s dive deep and fact‑check.
🎓 Live Courses & Certifications:
Join Undercode Academy for Verified Certifications
🚀 Request a Custom Project:
Secure, high-velocity infrastructure and disruptive technological engineering. Contact our engineering team for high-tier development and proprietary systems:
[email protected]
💎 Smart Architecture | 🛡️ Secure by Design | ⭐ Trusted by Thousands
References:
Reported By: cyberpress.org
Extra Source Hub (Possible Sources for article):
https://www.twitter.com
Wikipedia
OpenAi & Undercode AI
Image Source:
Unsplash
Undercode AI DI v2
🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]
📢 Follow UndercodeNews & Stay Tuned:
𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin | 🦋BlueSky | 🐘Mastodon | 📺Youtube




