VYPR
researchPublished Jul 13, 2026· 1 source

VEXAIoT: AI Multi-Agent System Automates IoT Reconnaissance and Exploit Execution

Researchers have developed VEXAIoT, an AI multi-agent framework that automates the identification and exploitation of vulnerabilities in Internet of Things (IoT) environments.

Security researchers have introduced VEXAIoT, an AI-powered multi-agent framework designed to automate vulnerability discovery and exploit execution against Internet of Things environments. The research demonstrates how large language model agents can coordinate reconnaissance, attack planning, command generation, and result validation within isolated security testbeds.

VEXAIoT, an acronym for Vulnerability EXploitation using AI Agents, operates with two distinct but interconnected agents. The first, a vulnerability detection agent, scans target devices to identify exposed services and known vulnerabilities. The second, an attack execution agent, selects appropriate tools, formulates commands, and attempts to execute the planned exploit. The detection agent initiates its process by employing Nmap to map open ports, services, and active network protocols. It then leverages data from Searchsploit and the Exploit Database to correlate discovered software and versions with known CVEs and publicly available proof-of-concept exploits.

The AI model analyzes this gathered information to construct an ordered attack plan, prioritizing vulnerabilities based on severity, available tools, and interdependencies between different attack vectors. For instance, if an attack requires valid credentials, VEXAIoT will first attempt credential recovery or network traffic interception before proceeding with dependent actions. The framework is also capable of retrying failed attacks, using error messages and execution output to refine its approach for subsequent attempts.

Researchers rigorously tested VEXAIoT against IoTGoat, an intentionally vulnerable OpenWrt-based IoT firmware environment, and the Metasploitable2 vulnerable machine. The IoTGoat tests encompassed ten scenarios aligned with OWASP IoT security risks, including weak passwords, insecure network services, exposed developer backdoors, insecure updates, DNS denial-of-service, plaintext sensitive data, man-in-the-middle interception, remote code execution, and log deletion.

Across 200 attack attempts on IoTGoat, VEXAIoT successfully completed 189, achieving an impressive 94.5 percent success rate. Seven scenarios, including cross-site scripting, developer-backdoor access, malicious update execution, database PII extraction, log erasure, and remote code execution, attained a perfect 100 percent success rate. The system showed slightly reduced efficacy in MiniUPnP backdoor and DNS denial-of-service tests, where command syntax issues and model refusals lowered success rates to 80 percent.

On Metasploitable2, the framework demonstrated high efficacy, successfully exploiting the VSFTPD backdoor and exposed database credentials in all 60 tests. It achieved remote code execution in 18 out of 20 attempts. Cumulatively, across both testbeds and 260 executions, VEXAIoT achieved an overall success rate of 95 percent. While most individual attacks concluded in under two minutes, password cracking operations required more time. The researchers noted that parallelizing independent attacks could significantly reduce the total test duration, though token consumption remained relatively constant due to the per-attack AI agent interaction.

The study underscores the burgeoning potential of agentic AI in the realm of authorized IoT penetration testing and vulnerability validation. However, the authors caution that autonomous exploit execution still grapples with significant challenges, including the potential for hallucinated outputs, invalid commands, model refusals, and the critical need for enhanced human oversight and robust safety controls. It is imperative to note that the framework was evaluated solely within controlled, intentionally vulnerable environments and should never be deployed against systems without explicit authorization.

Synthesized by Vypr AI