Researcher tests LLM pentesting on BookNook

// 2h agoBENCHMARK RESULT

Researcher tests LLM pentesting on BookNook

Security researcher Kasra Rahjerdi evaluated the penetration testing capabilities of 14 large language models using a deliberately vulnerable React Native app called BookNook. The experiment showed that GPT-5.5 achieved the highest success rate at 7/10 solves, while cheaper models like DeepSeek V4 Pro succeeded at a fraction of the cost and several models failed due to late-stage security refusals.

// ANALYSIS

Guardrail design in mainstream LLMs renders them ineffective for legitimate penetration testing, while unrestricted or cheaper models are becoming highly viable, cost-effective security auditing agents.

–GPT-5.5 demonstrated superior strategic focus, bypassing minor API vulnerabilities to directly exploit exposed Firebase configurations.
–High cost and late-stage security refusals (e.g., in Claude Opus and Gemini 3.5 Flash) represent major bottlenecks for developers using LLMs for authorized vulnerability scanning.
–DeepSeek V4 Pro offers an incredibly low cost per solve ($0.62) compared to Claude Sonnet 4.6 ($45.75), signaling that the economics of automated vulnerability exploitation favor smaller or open-weights providers.

// TAGS

securityllm-benchmarkingpenetration-testingfirebaseapi-securityartificial-intelligencevulnerability-exploitation

DISCOVERED

2h ago

2026-06-04

PUBLISHED

5h ago

2026-06-04

RELEVANCE

8/ 10

AUTHOR

jc4p

// KEEP READING

More AI developer news from the feed

EXPLORE FULL FEED

OPEN SOURCE33m ago

HKUDS releases Vibe-Trading, an open-source agent-native companion designed to automate financial trading workflows via natural language.

Vibe-Trading is an open-source, agent-native trading companion developed by the Data Intelligence Lab at the University of Hong Kong (HKUDS). Inspired by the "vibe coding" movement, the platform allows users to translate plain-English ideas and trading intuitions into backtested, executable strategies. The system leverages large language models—including OpenAI, DeepSeek, Gemini, and local models via Ollama—to automate tasks such as market data retrieval, strategy generation, backtesting, and sentiment analysis, acting as an AI-driven junior quantitative analyst.

OPEN SOURCE33m ago

Open-LLM-VTuber is an open-source project that brings AI-powered voice companions to life by connecting LLMs with responsive Live2D avatars.

Open-LLM-VTuber is a modular, cross-platform open-source application designed to run a personalized voice-interactive AI companion locally or in the cloud. It features hands-free conversation with voice interruption support, linking automated speech recognition (ASR) and text-to-speech (TTS) engines directly to a responsive Live2D avatar. The application offers a web mode and a transparent desktop client that functions as a "desktop pet". It supports complex workflows such as long-term memory via Letta and tool execution via the Model Context Protocol (MCP), letting users customize their virtual avatar with a wide variety of local and online AI services.

UPDATE1h ago

Mercury Agent to integrate with Sav.ink

Cosmic Stack announced an upcoming integration allowing users to connect Mercury Agent to the Sav.ink personal finance manager. The connection uses a secure LLM bridge to enable natural language chat about accounts and transactions.