This article describes a framework for testing how AI models, specifically Opus 4.5 and GPT-5.2, generate exploits from vulnerability reports. It focuses on the experiments conducted using a QuickJS vulnerability, outlining the agents' strategies to bypass various security mitigations and achieve their objectives.

A serious security vulnerability in the "@react-native-community/cli" npm package allowed attackers to execute arbitrary OS commands on development servers. The flaw, tracked as CVE-2025-11953, was patched in version 20.0.0 after being discovered by JFrog's security team. Developers using affected versions are at risk if they run the Metro development server.