From Rookie to Expert: Manipulating LLMs for Automated Vulnerability Exploitation in Enterprise Software

TL;DR

This paper demonstrates how publicly available large language models can be socially engineered to generate functional exploits for enterprise software vulnerabilities, challenging traditional security assumptions.

Contribution

It introduces the RSA strategy to manipulate LLMs into creating exploits, showing that non-technical actors can bypass security barriers easily.

Findings

All tested LLMs exploited every CVE within 3-5 prompts.

Eliminates manual effort previously needed for LLM-assisted attacks.

Invalidates core security principles by enabling non-technical exploitation.

Abstract

LLMs democratize software engineering by enabling non-programmers to create applications, but this same accessibility fundamentally undermines security assumptions that have guided software engineering for decades. We show in this work how publicly available LLMs can be socially engineered to transform novices into capable attackers, challenging the foundational principle that exploitation requires technical expertise. To that end, we propose RSA (Role-assignment, Scenario-pretexting, and Action-solicitation), a pretexting strategy that manipulates LLMs into generating functional exploits despite their safety mechanisms. Testing against Odoo -- a widely used ERP platform, we evaluated five mainstream LLMs (GPT-4o, Gemini, Claude, Microsoft Copilot, and DeepSeek) and successfully exploited every tested CVE: at least one LLM produced a functional exploit for each within 3-5 prompting rounds. While prior work~\cite{jin2025good} found LLM-assisted attacks difficult and requiring manual effort, we demonstrate that this overhead can be eliminated entirely. Our findings invalidate core software engineering security principles: the distinction between technical and non-technical actors no longer provides valid threat models; technical complexity of vulnerability descriptions offers no protection when LLMs can abstract it away; and traditional security boundaries dissolve when the same tools that build software can be manipulated to break it. This represents a paradigm shift in software engineering -- we must redesign security practices for an era where exploitation requires only the ability to craft prompts, not understand code. Artifacts available at: https://anonymous.4open.science/r/From-Rookie-to-Attacker-D8B3.