Ai Agents 3 min read

AI Pipeline Discovers CVE-2026-3985 in Creative Mail

Cybersecurity firm Intruder combined Joern code slicing with LLM agents to autonomously discover and exploit a blind SQL injection in a WordPress plugin.

On July 15, 2026, cybersecurity firm Intruder detailed an autonomous pipeline dubbed the vulnerability vending machine that pairs static analysis with LLMs to discover and exploit zero-day flaws. The system successfully executed end-to-end vulnerability research on production software, generating functional exploits without human intervention.

The Code Slicing Architecture

The pipeline replaces manual code review by chaining deterministic analysis tools with probabilistic LLM agents. Intruder targeted the top 200 WordPress plugins to evaluate the system.

The architecture operates in three distinct phases:

Pipeline StageTechnologyFunction
SlicingJoernMaps execution paths from user inputs (REST/AJAX) to sensitive sinks (database queries).
TriagePre-Mythos LLMAnalyzes isolated code slices to determine if inputs bypass sanitization logic.
ExploitationPre-Mythos LLMGenerates a functional proof-of-concept (PoC) and extraction payload for confirmed flaws.

Intruder frames this architecture as an evolution of vibe coding. Instead of relying on static scanners that generate high volumes of false positives, the system offloads complex execution reasoning to the triage agent.

Discovery of CVE-2026-3985

The most notable output from the July 15 deployment was CVE-2026-3985, a remote, multi-stage blind SQL injection in the Creative Mail WordPress plugin. The software currently has over 300,000 active installations.

The vulnerability grants unauthenticated attackers read access to the WordPress database, exposing administrator password hashes and secret tokens. Exploitation requires multiple chained requests and triggers specifically when Creative Mail operates alongside WooCommerce, a commerce plugin with over 7 million installs.

The exploitation agent successfully “one-shotted” a working PoC to extract the database contents. Following the disclosure, the plugin was removed from the WordPress repository pending a security patch. Intruder noted that researcher Dmitrii Ignatyev of CleanTalk Inc. also discovered the bug independently.

The Shift to Autonomous Exploitation

The system’s release coincides with an acceleration in automated zero-day discovery and exploitation. On the same day Intruder announced its pipeline, Microsoft’s July 2026 Patch Tuesday addressed a record 570 vulnerabilities, including two actively exploited zero-days (CVE-2026-56155 and CVE-2026-56164).

Industry telemetry confirms this shift. Reports from CrowdStrike and Check Point Research published on July 14 indicate that AI is directly executing end-to-end intrusions rather than merely assisting human operators. CrowdStrike data shows the average eCrime breakout time fell to 29 minutes in 2026, a 65% speed increase driven by automation. This real-world execution aligns with recent data showing AI agents rapidly improving at multi-step cyberattacks.

If you maintain public-facing software, the window between code deployment and automated discovery is closing. Integrating autonomous triage agents into your CI/CD pipeline is now a structural requirement to match the speed of offensive automation.

Get Insanely Good at AI

Get Insanely Good at AI

The book for developers who want to understand how AI actually works. LLMs, prompt engineering, RAG, AI agents, and production systems.

Keep Reading