VYPR
Research · Published May 22, 2026 · 1 source

AI Pipeline Finds 300+ WordPress Zero-Days at $20 Each, Reshaping Vulnerability Economics

Researchers demonstrated an AI-driven pipeline at Ekoparty Miami that discovered over 300 critical zero-day vulnerabilities in WordPress plugins at an average cost of $20 per bug, signaling a new economic reality for the security industry.

Vulnerability researchers have spent the past year arguing about whether AI agents can find real bugs at scale or whether they mostly generate noise. A pipeline built in three days by researchers from TrendAI and CHT Security supplies an answer, along with a price tag that the security industry will have to reckon with.

The system, presented at Ekoparty Miami, pairs AI-driven static analysis with automated Docker provisioning and dynamic verification through Chrome DevTools MCP. It surfaced more than 300 critical zero-day vulnerabilities across the WordPress plugin ecosystem in 72 hours of scanning. Every finding was manually verified by the researchers and responsibly disclosed before publication.

The AgentForge orchestration dashboard logged roughly 222 million tokens consumed across 95 tasks during the campaign. Steven Yu, a threat research engineer at TrendAI, translated that to an average of about $20 per vulnerability discovered. He qualified the number carefully, noting that the WordPress ecosystem is an outlier due to its vast and complex codebase with highly variable code quality. A hardened enterprise codebase would not surrender bugs at the same rate or at the same cost.

What is settled, by Yu's account, is that the price floor is already crossed for someone willing to look. "We are already in a state where any motivated attacker with a credit card can execute this," he said. "Both white-hat and black-hat actors are already implementing these types of actions at scale."

The 300-plus findings span pre-authentication remote code execution, SQL injection hidden behind PHPCS annotations that mark vulnerable queries as safe, privilege escalation through the WordPress hook system, server-side request forgery, and a downgrade attack chain. One pre-auth RCE was identified in a plugin with more than 1,000 GitHub stars. The downgrade chain was assembled by the AI without human guidance, and the same vulnerability class was identified through pattern hunting across OpenCart and Joomla codebases.
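The PHPCS-annotation blind spot mentioned above is easy to miss in a code review because the linter reports nothing. The following Python triage script is an added illustration written for this page, not the TrendAI/CHT Security pipeline: it scans PHP plugin source for `$wpdb` calls whose `WordPress.DB.PreparedSQL` sniff has been silenced with a `phpcs:ignore` or `phpcs:disable` comment while the SQL string still interpolates a PHP variable without `$wpdb->prepare()`. The embedded PHP sample is constructed for the example, and the function name and regexes are this example's own assumptions.

```python
"""Flag $wpdb queries whose PHPCS 'PreparedSQL' warning has been suppressed
while the query still interpolates PHP variables.

Added example for this page, not the researchers' pipeline. The PHP sample
below is constructed; the regexes are a deliberately small heuristic.
"""
import re

# phpcs:ignore / phpcs:disable comments naming the WordPress prepared-SQL sniff.
SUPPRESS_RE = re.compile(r"phpcs:(ignore|disable)\b.*WordPress\.DB\.PreparedSQL", re.I)
# $wpdb->query( ... ), $wpdb->get_results( ... ), and friends.
QUERY_RE = re.compile(r"\$wpdb->(query|get_results|get_var|get_row|get_col)\s*\(")
# A PHP variable interpolated into a double-quoted string or concatenated onto it.
INTERP_RE = re.compile(r'(\{\$\w+|"\s*\.\s*\$|\$\w+\s*\.\s*"|"[^"]*\$\w+[^"]*")')

# Constructed sample plugin source (hypothetical plugin, not a real one).
SAMPLE_PLUGIN = r'''<?php
// Constructed sample plugin code for this example (not a real plugin).
function vypr_demo_lookup( $id ) {
    global $wpdb;
    $table = $wpdb->prefix . 'demo_items';

    // Safe: placeholders, so the sniff is satisfied without suppression.
    $row = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM {$table} WHERE id = %d", $id ) );

    // Unsafe: the sniff is silenced, but $id still lands in the SQL unescaped.
    // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
    $rows = $wpdb->get_results( "SELECT * FROM {$table} WHERE id = {$id}" );

    // Unsafe, suppressed on the same line.
    $wpdb->query( "DELETE FROM {$table} WHERE id = " . $id ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared

    return $rows;
}
'''


def find_suppressed_unprepared(php_source: str, window: int = 3) -> list[dict]:
    """Return one finding per $wpdb call that (a) is covered by a phpcs
    suppression of the PreparedSQL sniff and (b) interpolates a variable
    without wrapping the statement in $wpdb->prepare().

    Each finding is {"line": 1-based line number, "statement": text}.
    """
    lines = php_source.splitlines()
    findings = []
    disabled = False  # inside a phpcs:disable ... phpcs:enable region
    for i, line in enumerate(lines):
        if re.search(r"phpcs:disable\b.*PreparedSQL", line):
            disabled = True
        if re.search(r"phpcs:enable\b", line):
            disabled = False
        if not QUERY_RE.search(line):
            continue
        # Collect the statement: this line plus following lines up to the ';'.
        stmt_lines = []
        for j in range(i, min(i + window + 1, len(lines))):
            stmt_lines.append(lines[j])
            if ";" in lines[j]:
                break
        stmt = "\n".join(stmt_lines)
        # A phpcs:ignore may sit on the preceding line or at the end of the statement.
        context = "\n".join(lines[max(0, i - 1):i]) + "\n" + stmt
        suppressed = disabled or bool(SUPPRESS_RE.search(context))
        if not suppressed:
            continue
        if "$wpdb->prepare(" in stmt:
            continue  # placeholders used; the suppression is not hiding raw input
        if INTERP_RE.search(stmt):
            findings.append({"line": i + 1, "statement": stmt.strip()})
    return findings


if __name__ == "__main__":
    for f in find_suppressed_unprepared(SAMPLE_PLUGIN):
        print(f"line {f['line']}: suppressed sniff on unprepared query")
        print("   ", f["statement"].splitlines()[0])
```

Run against the constructed sample, the script reports lines 12 and 15 and stays quiet on line 8, where `$wpdb->prepare()` is used. The point is not that the regexes are precise (they are not a parser) but that a suppression comment is itself a signal worth surfacing: a query the author chose to hide from the linter deserves the same dynamic verification step the article describes, rather than a pass because the static tool went silent.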

The pipeline addresses what the security industry has taken to calling "AI slop," the wave of low-quality, AI-generated vulnerability reports that has pushed several major open-source projects to reject AI submissions outright. By requiring every AI-generated finding to pass dynamic verification before reaching the disclosure queue, the system eliminated more than 80% of false positives. However, the downstream pressure remains. Yu said manual verification of each WordPress plugin vulnerability took his team between 30 and 60 minutes, describing the human review layer as the primary bottleneck.

Yu expects a higher volume of disclosed vulnerabilities and a parallel rise in zero-day abuse by attackers running similar pipelines in the next six months. He anticipates a structural shift in how disclosure programs accept submissions, with several vendors moving toward invite-only or membership-based models that prioritize researchers with established track records. The longer-term answer he pointed to is more automation applied at the receiving end: AI-assisted triage that automates environment setup and verification would let human experts concentrate on the most complex cases.

Synthesized by Vypr AI