AI Pipeline Discovers CVE-2026-3985 in Creative Mail
Cybersecurity firm Intruder combined Joern code slicing with LLM agents to autonomously discover and exploit a blind SQL injection in a WordPress plugin.
On July 15, 2026, cybersecurity firm Intruder detailed an autonomous pipeline dubbed the vulnerability vending machine that pairs static analysis with LLMs to discover and exploit zero-day flaws. The system successfully executed end-to-end vulnerability research on production software, generating functional exploits without human intervention.
The Code Slicing Architecture
The pipeline replaces manual code review by chaining deterministic analysis tools with probabilistic LLM agents. Intruder targeted the top 200 WordPress plugins to evaluate the system.
The architecture operates in three distinct phases:
| Pipeline Stage | Technology | Function |
|---|---|---|
| Slicing | Joern | Maps execution paths from user inputs (REST/AJAX) to sensitive sinks (database queries). |
| Triage | Pre-Mythos LLM | Analyzes isolated code slices to determine if inputs bypass sanitization logic. |
| Exploitation | Pre-Mythos LLM | Generates a functional proof-of-concept (PoC) and extraction payload for confirmed flaws. |
Intruder frames this architecture as an evolution of vibe coding. Instead of relying on static scanners that generate high volumes of false positives, the system offloads complex execution reasoning to the triage agent.
Discovery of CVE-2026-3985
The most notable output from the July 15 deployment was CVE-2026-3985, a remote, multi-stage blind SQL injection in the Creative Mail WordPress plugin. The software currently has over 300,000 active installations.
The vulnerability grants unauthenticated attackers read access to the WordPress database, exposing administrator password hashes and secret tokens. Exploitation requires multiple chained requests and triggers specifically when Creative Mail operates alongside WooCommerce, a commerce plugin with over 7 million installs.
The exploitation agent successfully “one-shotted” a working PoC to extract the database contents. Following the disclosure, the plugin was removed from the WordPress repository pending a security patch. Intruder noted that researcher Dmitrii Ignatyev of CleanTalk Inc. also discovered the bug independently.
The Shift to Autonomous Exploitation
The system’s release coincides with an acceleration in automated zero-day discovery and exploitation. On the same day Intruder announced its pipeline, Microsoft’s July 2026 Patch Tuesday addressed a record 570 vulnerabilities, including two actively exploited zero-days (CVE-2026-56155 and CVE-2026-56164).
Industry telemetry confirms this shift. Reports from CrowdStrike and Check Point Research published on July 14 indicate that AI is directly executing end-to-end intrusions rather than merely assisting human operators. CrowdStrike data shows the average eCrime breakout time fell to 29 minutes in 2026, a 65% speed increase driven by automation. This real-world execution aligns with recent data showing AI agents rapidly improving at multi-step cyberattacks.
If you maintain public-facing software, the window between code deployment and automated discovery is closing. Integrating autonomous triage agents into your CI/CD pipeline is now a structural requirement to match the speed of offensive automation.
Get Insanely Good at AI
The book for developers who want to understand how AI actually works. LLMs, prompt engineering, RAG, AI agents, and production systems.
Keep Reading
How to Configure Sparse-LoRA and DoRA With Hugging Face PEFT
Learn how to use PEFT 0.18.0 to configure Sparse-LoRA, DoRA, LoRA-XS, and rsLoRA for more efficient fine-tuning on single-GPU hardware.
Benign GitHub Repos Hijack Claude Code via DNS TXT Records
Mozilla researchers demonstrated an attack vector where AI coding agents execute malicious payloads hidden in DNS records during autonomous error recovery.
AutoJack Exploit Chains MCP Flaws for RCE in AutoGen
Microsoft patched AutoJack, a critical vulnerability chain in AutoGen Studio that enables remote code execution via AI browsing agents.
CVE-2026-42824 Grants 1-Click Data Theft via M365 Copilot
Varonis researchers disclosed SearchLeak, a critical vulnerability chain in Microsoft 365 Copilot enabling 1-click exfiltration of enterprise data.
iOS 27 Siri Leaks Reveal Gemini Backbone and AI Extensions
Leaked technical details for Apple's iOS 27 reveal a redesigned Siri operating as a standalone chatbot powered by Google's Gemini models.