LLM Hacking Trial: GPT-5.5 Dominates in $1,500 Firebase Exploit Test

Added
Article: NegativeCommunity: NeutralDivisive
LLM Hacking Trial: GPT-5.5 Dominates in $1,500 Firebase Exploit Test

Security researcher Kasra tested multiple LLMs to see if they could exploit a common Firebase misconfiguration in a mock mobile app. GPT-5.5 emerged as the clear winner with a 70% success rate, while many other models were hindered by safety refusals or inefficient logic. The experiment cost $1,500 and revealed that while AI hacking is becoming viable, it remains expensive and highly dependent on the specific model's guardrails.

Key Points

  • GPT-5.5 was the top performer, successfully exploiting the Firebase vulnerability in 70% of its attempts.
  • Security guardrails in models like Gemini and Claude Opus often triggered mid-run, preventing them from completing the exploit even when they were on the right track.
  • There is a massive disparity in cost and token usage between models, with some Chinese models like GLM and Qwen being extremely expensive and token-heavy compared to Deepseek.
  • The experiment identified a 'reasoning trap' where many models incorrectly tried to use Firebase credentials to attack the API instead of accessing the database directly.
  • Infrastructure issues, such as API outages and server preemption, significantly increased the cost and difficulty of running the evaluation.

Sentiment

The overall sentiment is mixed with a cautious positive lean toward the article as an interesting experiment. Commenters generally accept that LLMs are becoming useful for security investigation, and many sympathize with the complaint that safety restrictions can block legitimate work. At the same time, the community is skeptical of treating the results as a clean capability ranking and repeatedly emphasizes methodological limits, validation costs, and the real abuse risks behind guardrails.

In Agreement

  • The experiment usefully shows that LLMs can identify and exploit realistic security weaknesses when they are allowed to investigate beyond the obvious API surface.
  • Some models likely underperformed because safety guardrails blocked legitimate security research rather than because they lacked the underlying capability.
  • Less-restricted models and competitive non-Western providers may pressure frontier labs to keep security-research workflows usable.
  • AI-assisted security work is already useful for finding known vulnerability classes and supporting bug-bounty style investigation when paired with human judgment.

Opposed

  • The benchmark is not definitive because the harness, prompt framing, provider choices, and account-level safety differences may have heavily shaped the results.
  • Autonomous exploitation is an unrealistic evaluation mode for many real security reviews, where human guidance and validation are central to success.
  • Guardrails are defensible because current LLM agents can hallucinate, mishandle credentials, damage production systems, or turn mistakes into incidents.
  • The economics remain weak for broad automated security auditing because building the harness and validating false positives can cost more than the model calls.
LLM Hacking Trial: GPT-5.5 Dominates in $1,500 Firebase Exploit Test | TD Stuff