
AI Drastically Accelerates Exploit Development for CVE-2025-32433

Artificial intelligence is no longer a passive analytical tool—it has become an active threat amplifier. The case of CVE-2025-32433, a critical vulnerability in the Erlang SSH library, showcases how modern AI systems can drastically accelerate the timeline from vulnerability disclosure to working exploit. What once required days or weeks of reverse engineering and development can now be compressed into a matter of hours.


A Single Evening to Full Exploitation

This point was proven by Matthew Keeley, a security researcher at ProDefense, who challenged himself to see how far generative AI could go in converting a fresh CVE into a functional proof-of-concept exploit. Inspired by research from Horizon3.ai noting the exploitability of CVE-2025-32433, Keeley used GPT-4 and Claude Sonnet 3.7 to orchestrate the process.

The initial task for GPT-4 was setting up a fuzzing environment—generating Docker containers, configuring a vulnerable Erlang SSH server, and creating basic testing scaffolding. This in itself was impressive: AI wasn’t just writing code—it was provisioning infrastructure for dynamic analysis. While fuzzing didn’t immediately yield an exploit, the foundation was laid.

Once Keeley fed the model diff files from the patched version of the code, GPT-4 was able to compare the fixed and vulnerable implementations, identify the root cause, and generate a detailed explanation of the vulnerability: improper handling of unauthenticated SSH messages.
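RFC 4252 sets the rule for unauthenticated SSH messages: message numbers 80 and higher belong to the connection protocol, and a server that receives one before authentication completes must disconnect. The Python below is an added example of a server-side gate enforcing that rule, not code from Erlang/OTP, its patch, or Keeley's work; `SessionGate`, `replay` and the two sample sessions are hypothetical names and constructed data.

```python
from dataclasses import dataclass, field

# Message numbers as assigned in RFC 4250.
SSH_MSG_SERVICE_REQUEST = 5
SSH_MSG_KEXINIT = 20
SSH_MSG_NEWKEYS = 21
SSH_MSG_USERAUTH_REQUEST = 50
SSH_MSG_CHANNEL_OPEN = 90
SSH_MSG_CHANNEL_REQUEST = 98
FIRST_CONNECTION_MSG = 80  # RFC 4252 section 6: 80+ only after authentication

AUTH_OK = object()  # constructed marker: server has sent USERAUTH_SUCCESS


@dataclass
class SessionGate:
    """Per-connection state deciding whether a message may be dispatched."""
    authenticated: bool = False
    closed: bool = False
    alerts: list = field(default_factory=list)

    def check(self, payload: bytes) -> str:
        """Return 'dispatch' or 'disconnect' for one decrypted packet payload."""
        if self.closed:
            return "disconnect"  # nothing is processed after a rejection
        if not payload:
            return self._reject("empty payload")
        msg = payload[0]  # first payload byte is the message number
        if msg >= FIRST_CONNECTION_MSG and not self.authenticated:
            return self._reject(f"message {msg} before authentication")
        return "dispatch"

    def _reject(self, reason: str) -> str:
        self.closed = True
        self.alerts.append(reason)  # feed this to logging / detection
        return "disconnect"


def replay(events):
    """Run constructed events through a fresh gate; return (decisions, alerts)."""
    gate, decisions = SessionGate(), []
    for ev in events:
        if ev is AUTH_OK:
            gate.authenticated = True
        else:
            decisions.append(gate.check(ev))
    return decisions, gate.alerts


# Constructed sessions: payloads carry only the message-number byte.
NORMAL = [bytes([n]) for n in (20, 21, 5, 50)] + [AUTH_OK, bytes([90]), bytes([98])]
EARLY = [bytes([n]) for n in (20, 21, 90, 98)]  # channel messages with no auth
```

The alert string recorded on rejection is the signal worth forwarding to monitoring, since a compliant client never sends channel messages before authenticating.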

From there, the model drafted a working PoC, and with additional refinement using Cursor (an AI-enhanced development environment powered by Claude Sonnet 3.7), Keeley had a successful exploit by the end of the night.


Weaponization Is Now a Race Against the Clock

The defensive window between CVE disclosure and public weaponization is collapsing. Security teams can no longer treat “patching within a few days” as acceptable. In many cases, attackers with access to the same models may already be building or sharing usable exploits on private channels.

“What used to take skilled researchers a week now takes less than a day,” Keeley said. “With the right prompt engineering, you can move from a GitHub diff to a working exploit with AI writing 80% of the code.”

This isn’t just theory. In 2024, the time from vulnerability disclosure to exploitation dropped significantly for critical flaws like CitrixBleed and regreSSHion. CVE-2025-32433 now joins the growing list of vulnerabilities where AI-assisted exploit development outpaces traditional defensive cycles.


The Broader Trend: Volume and Velocity

According to NIST data, CVE publication volume increased by 38% from 2023 to 2024. But the bigger issue is velocity—how quickly attackers can exploit new flaws. Adversaries are increasingly using shared tooling and automated development pipelines to mass-deploy new attacks. Keeley’s test shows that even well-documented but niche vulnerabilities can now be turned into reliable attack vectors within hours of public disclosure.

This dynamic creates cascading risk across industries. A vulnerability discovered on Tuesday might be exploited globally by Wednesday. Patching cycles, software validation, and risk prioritization systems built around slower exploit timelines are quickly becoming obsolete.


What Defenders Need to Do Now

Organizations must assume that every publicly disclosed vulnerability is potentially already being exploited. That means moving from passive vulnerability monitoring to proactive, rapid patch deployment. Security teams need automation and orchestration tools capable of pushing fixes across environments within hours—not days.

Equally important, vulnerability management strategies must evolve to include real-time telemetry, exploit prediction, and AI-driven prioritization. If adversaries are using AI to weaponize flaws, defenders must leverage AI for triage, threat modeling, and even anticipatory patching based on exploit likelihood.


How Can Netizen Help?

Netizen ensures that security gets built in and not bolted on. We provide advanced solutions to protect critical IT infrastructure, such as the popular “CISO-as-a-Service,” wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time.

We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type. 

Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.

Netizen is a CMMI V2.0 Level 3, ISO 9001:2015, and ISO 27001:2013 (Information Security Management) certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans. 


Copyright © Netizen Corporation. All Rights Reserved.