LLM-based agents can effectively automate IoT penetration testing and vulnerability exploitation, but their deployment requires careful consideration of security implications and controlled environments.
This paper presents VEXAIoT, an AI agent framework that automatically discovers and exploits vulnerabilities in IoT systems. Using large language models to reason about security weaknesses, the system combines reconnaissance, attack planning, and exploit execution to test IoT security across standard vulnerable environments, achieving 95% success rates.