300 WordPress Zero-Days in 72 Hours for $20: The Falling Economic Threshold of the Bug

An AI pipeline developed in just three days has successfully identified over 300 critical zero-day vulnerabilities within the WordPress ecosystem during a 72-hour automated scan. With an estimated average cost of just $20 per bug, the system—presented at Ekoparty Miami on May 22, 2026, by researchers from TrendAI and CHT Security—signals that the economic barrier to large-scale, automated vulnerability discovery has effectively collapsed. For security professionals and disclosure platforms, the challenge is no longer a future threat; it is a current structural overload.

Key Takeaways
  • Over 300 critical zero-days were identified in 72 hours using the AgentForge pipeline, which orchestrates AI-driven static analysis, Docker provisioning, and dynamic verification via Chrome DevTools MCP.
  • The average cost per discovery was approximately $20, based on 222 million tokens consumed across 95 tasks, though costs vary based on codebase quality.
  • The AI agent autonomously constructed a downgrade attack chain without manual prompting, pairing plugin rollbacks with exploitable flaws found in previous versions.
  • Dynamic verification eliminated over 80% of false positives before disclosure, yet manual validation remains a bottleneck, requiring 30 to 60 minutes per bug.

Inside AgentForge: The Pipeline Disrupting the Bug Hunter Market

At the center of this discovery is AgentForge. The pipeline integrates three core components: LLM-guided static analysis, automated Docker environment provisioning for testing, and dynamic verification using Chrome DevTools MCP. This last element is vital: rather than merely scanning code, the agent executes the plugin in a programmatically controlled browser to determine if a theoretical flaw can be turned into a functional exploit.

The AgentForge dashboard logged approximately 222 million tokens across 95 tasks during the campaign. Steven Yu, a threat research engineer at TrendAI, calculated this computational overhead to reach an average of $20 per vulnerability. Yu noted, however, that these costs are highly dependent on the quality of the analyzed codebase, suggesting that results may vary significantly across different frameworks.

Despite the automation, every finding underwent manual verification before responsible disclosure. The researchers have not yet released the list of vulnerable plugins or specific zero-day details, pending coordinated patching schedules.

Autonomous Innovation: When AI Generates its Own Attack Chains

The most significant finding was not a single vulnerability, but an emergent capability: the AI agent identified a feature that allowed a plugin to be rolled back to a previous version. It then autonomously recognized that the older version contained known exploitable flaws and combined these two facts into a functional attack chain.

Steven Yu confirmed that this specific chain was developed without manual prompts or pre-defined patterns. The agent synthesized the attack by independently linking the presence of a downgrade mechanism with existing knowledge of legacy flaws. Similar vulnerability classes were subsequently identified through pattern hunting in OpenCart and Joomla codebases, suggesting the risk spans multiple ecosystems.

This case is a milestone because it moves beyond AI simply replicating known human patterns. By recombining existing capabilities to create original attack techniques, the tool demonstrates that AI is accelerating not just the discovery of bugs, but the invention of offensive strategies.

The Triage Crisis: 80% False Positives and the Human Bottleneck

The pipeline did not yield 300 immediate exploits. Implementing dynamic verification before disclosure removed more than 80% of the false positives generated by static analysis. However, this filtering process eventually hit a structural limit: manual verification for each WordPress vulnerability still requires 30 to 60 minutes, creating a significant bottleneck.

This asymmetry highlights the core issue. AI can scale the generation of candidate vulnerabilities at a rate no human team can match. While production costs drop to $20 per valid candidate, the cost of human validation remains fixed. The result is an exponentially growing backlog that is already overwhelming existing disclosure systems.

"Both white-hat and black-hat actors are already implementing these types of actions at scale" — Steven Yu, threat research engineer at TrendAI

Overloaded: Why ZDI and NIST Cannot Keep Up with AI Bug Submissions

Steven Yu highlighted a systemic consequence of this technology: "Organizations such as ZDI and NIST are currently struggling with massive backlogs due to the explosion of AI-assisted vulnerability reports." This is not a future projection; the surge of AI-generated reports has already exceeded the triage capacity of major coordination platforms.

The problem is twofold. First, there is the sheer volume: if any team with a credit card can generate hundreds of valid reports, traditional prioritization based on information scarcity becomes obsolete. Second, signal quality is an issue: even with AI-validated reports, triage requires increasingly high-level expertise to distinguish truly novel threats from known issues or non-exploitable flaws.

Yu summarized the situation with a clear directive: "The ultimate solution is to fight AI magic with AI magic." However, this implies an arms race where attackers hold structural advantages: they are not bound by the need to validate, coordinate disclosures, or wait for patches.

Immediate Security Priorities

For WordPress administrators, plugin developers, and security operations teams, this research highlights four immediate priorities:

  • Isolate Rollback Mechanisms: Ensure that any plugin featuring downgrade functionality requires strict administrative authentication and detailed logging. Rollback capabilities must be treated as a high-risk attack surface rather than a convenience feature.
  • Reduce Exposure for Niche Plugins: Vulnerabilities were found even in plugins with over 1,000 GitHub stars; those with smaller user bases and sporadic maintenance are at even higher risk. Deactivate non-essential plugins that lack recent updates.
  • Recalibrate Internal Triage: As AI-assisted reports flood in, internal teams must implement prioritization filters based on demonstrated exploitability rather than CVSS severity alone to avoid information overload.
  • Adopt Dynamic Verification Standards: Since attackers are already utilizing automated dynamic verification, defensive strategies must include equivalent runtime testing within the CI/CD cycle, moving beyond simple pre-deployment static scans.
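The first priority above, treating a plugin's own rollback feature as an attack surface, is concrete enough to show in code. The following is an added example written for this article, not AgentForge code and not taken from any real plugin: a version-rollback handler for a hypothetical WordPress plugin "example-rollback", with the weak pattern shown in comments for contrast. The `example_rollback_*` names, the option key, the blocked-version list and the log prefix are all assumptions; the WordPress functions used (`add_action`, `current_user_can`, `check_admin_referer`, `wp_die`, `version_compare`, and so on) are the real core API.

```php
<?php
/**
 * Added example (not from the article or from any real plugin): a hardened
 * version-rollback handler for a hypothetical plugin "example-rollback".
 * Everything prefixed example_rollback_ is an assumption made for this example.
 */

// --- Weak pattern the article warns about (shown for contrast; do not use) ---
// add_action( 'admin_post_nopriv_example_rollback', function () {
//     $version = $_GET['version'];   // unauthenticated, no nonce, no validation
//     do_action( 'example_rollback_approved', $version );
// } );

// --- Hardened handler --------------------------------------------------------

/**
 * Versions this plugin refuses to roll back to because they carry security
 * issues fixed in later releases. Constructed sample list for the example.
 */
function example_rollback_blocked_versions() {
    return array( '1.0.0', '1.1.2' );
}

/**
 * Decide whether a requested rollback is allowed. Returns true, or a WP_Error
 * whose code the caller can log as the refusal reason.
 */
function example_rollback_validate( $requested, $current, $blocked ) {
    if ( ! preg_match( '/^\d+\.\d+\.\d+$/', $requested ) ) {
        return new WP_Error( 'bad_version', 'Version string is not of the form x.y.z' );
    }
    if ( version_compare( $requested, $current, '>=' ) ) {
        return new WP_Error( 'not_downgrade', 'Requested version is not older than the current one' );
    }
    if ( in_array( $requested, $blocked, true ) ) {
        return new WP_Error( 'known_vulnerable', 'Requested version has known security issues' );
    }
    return true;
}

/**
 * One structured audit line per rollback attempt, whether allowed or denied,
 * so a SIEM rule can alert on denied attempts and on any successful downgrade.
 */
function example_rollback_log( $outcome, $requested, $reason = '' ) {
    $user = wp_get_current_user();
    error_log( sprintf(
        '[example-rollback] outcome=%s requested=%s user_id=%d user_login=%s ip=%s reason=%s',
        $outcome,
        $requested,
        $user->ID,
        $user->user_login,
        isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown',
        $reason
    ) );
}

// Only the authenticated admin-post hook is registered; there is deliberately
// no admin_post_nopriv_ variant, so anonymous requests never reach the handler.
add_action( 'admin_post_example_rollback', 'example_rollback_handle' );

function example_rollback_handle() {
    // Capability check: only users who may update plugins may downgrade them.
    if ( ! current_user_can( 'update_plugins' ) ) {
        example_rollback_log( 'denied', '', 'insufficient_capability' );
        wp_die( 'Forbidden', '', array( 'response' => 403 ) );
    }

    // CSRF protection: the form must carry a nonce bound to this action.
    check_admin_referer( 'example_rollback_action', 'example_rollback_nonce' );

    $requested = isset( $_POST['version'] )
        ? sanitize_text_field( wp_unslash( $_POST['version'] ) )
        : '';
    // Assumed option key holding the currently installed plugin version.
    $current = get_option( 'example_rollback_current_version', '0.0.0' );

    $verdict = example_rollback_validate( $requested, $current, example_rollback_blocked_versions() );
    if ( is_wp_error( $verdict ) ) {
        example_rollback_log( 'denied', $requested, $verdict->get_error_code() );
        wp_die( esc_html( $verdict->get_error_message() ), '', array( 'response' => 400 ) );
    }

    example_rollback_log( 'allowed', $requested );
    // Hand the approved version to the plugin's installer via a hook rather
    // than calling it directly, so the policy above cannot be bypassed.
    do_action( 'example_rollback_approved', $requested );
    wp_safe_redirect( admin_url( 'plugins.php?example_rollback=done' ) );
    exit;
}
```

The three checks map directly onto the chain the article describes: the capability and nonce checks stop the downgrade endpoint from being reachable by an unauthenticated or cross-site request, the blocked-version list refuses exactly the legacy releases an attacker would want to roll back to, and the audit line makes any rollback attempt visible to detection rather than a silent configuration change.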

The Price of a Dinner for a Critical Flaw: The End of a Paradigm

The $20 figure for a zero-day discovery is more than a metric; it is a regime shift. When the cost of uncovering a critical vulnerability drops to the price of a dinner, the economic model supporting responsible disclosure—built on bounties, reputation, and skill scarcity—begins to lose its internal logic.

While Yu clarified that "this doesn't mean you can easily find a vulnerability in any WordPress site for just $20," the research proves that the entry barrier for systematic zero-day discovery has fallen well within the reach of both organized and independent threat actors.

The most disturbing takeaway is systemic rather than technical. AI has not just automated human tasks; it has created a volume of vulnerabilities that exceeds the defensive system's capacity to absorb them. There is no patch for a problem of throughput.
