Nerve ( ) and the code_auditor example tasklet ( ) using GPT-4o to find a RCE vulnerability in the widget-options v4.0.7 Wordpress Plugin 🧠 Zero code, fully autonomous agent as a simple YAML file.

Pushed v0.4.0 with NVidia NIM integration and a few fixes, thanks to @vysecurity for the request and the help with the API key :D

The web_fingerprint example tasklet can be used to identify which technologies a website is built with:

next step: making Nerve deploy the codebase and verify the vulnerability, and then request a CVE? 😎

first part is essentially there already. As far as requesting the CVE and bearing with the disclosure process go, idk how well an AI would perform :D

Since the first tweet in this thread, Nerve has been republished to and new providers for Nvidia NIM, DeepSeek and xAI (grok-beta is pretty great with tool calling) have been implemented 🚀

How well has it done with others? Similarly? I think it would be interesting to build a list of _recent_ vulns in a dir and compare the stats!

i didn't try them all, but generally GPT and Claude models perform similarly, with bigger Anthropic models being better at extrapolating context and finding logic bugs while OpenAI seem better at single file vulnerabilities ... LLama models a bit worse than the others, but considering they're free who can complain :D

really cool man

thanks!

cc @wld_basha @rez0__ 👀