Saved in:
Bibliographic Details
Main Authors: Probst, Benjamin, Happe, Andreas, Cito, Jürgen
Format: Preprint
Published: 2026
Subjects:
Online Access:https://arxiv.org/abs/2604.27143
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866910177904558080
author Probst, Benjamin
Happe, Andreas
Cito, Jürgen
author_facet Probst, Benjamin
Happe, Andreas
Cito, Jürgen
contents Recent research has demonstrated the potential of Large Language Models (LLMs) for autonomous penetration testing, particularly when using cloud-based restricted-weight models. However, reliance on such models introduces security, privacy, and sovereignty concerns, motivating the use of locally hosted open-weight alternatives. Prior work shows that small open-weight models perform poorly on automated Linux privilege escalation, limiting their practical applicability. In this paper, we present a systematic empirical study of whether targeted system-level and prompting interventions can bridge this performance gap. We analyze failure modes of open-weight models in autonomous privilege escalation, map them to established enhancement techniques, and evaluate five concrete interventions (chain-of-thought prompting, retrieval-augmented generation, structured prompts, history compression, and reflective analysis) implemented as extensions to hackingBuddyGPT. Our results show that open-weight models can match or outperform cloud-based baselines such as GPT-4o. With our treatments enabled, Llama3.1 70B exploits 83% of tested vulnerabilities, while smaller models including Llama3.1 8B and Qwen2.5 7B achieve 67% when using guidance. A full-factorial ablation study over all treatment combinations reveals that reflection-based treatments contribute most, while also identifying vulnerability discovery as a remaining bottleneck for local models.
format Preprint
id arxiv_https___arxiv_org_abs_2604_27143
institution arXiv
publishDate 2026
record_format arxiv
spellingShingle Enhancing Linux Privilege Escalation Attack Capabilities of Local LLM Agents
Probst, Benjamin
Happe, Andreas
Cito, Jürgen
Cryptography and Security
Artificial Intelligence
Recent research has demonstrated the potential of Large Language Models (LLMs) for autonomous penetration testing, particularly when using cloud-based restricted-weight models. However, reliance on such models introduces security, privacy, and sovereignty concerns, motivating the use of locally hosted open-weight alternatives. Prior work shows that small open-weight models perform poorly on automated Linux privilege escalation, limiting their practical applicability. In this paper, we present a systematic empirical study of whether targeted system-level and prompting interventions can bridge this performance gap. We analyze failure modes of open-weight models in autonomous privilege escalation, map them to established enhancement techniques, and evaluate five concrete interventions (chain-of-thought prompting, retrieval-augmented generation, structured prompts, history compression, and reflective analysis) implemented as extensions to hackingBuddyGPT. Our results show that open-weight models can match or outperform cloud-based baselines such as GPT-4o. With our treatments enabled, Llama3.1 70B exploits 83% of tested vulnerabilities, while smaller models including Llama3.1 8B and Qwen2.5 7B achieve 67% when using guidance. A full-factorial ablation study over all treatment combinations reveals that reflection-based treatments contribute most, while also identifying vulnerability discovery as a remaining bottleneck for local models.
title Enhancing Linux Privilege Escalation Attack Capabilities of Local LLM Agents
topic Cryptography and Security
Artificial Intelligence
url https://arxiv.org/abs/2604.27143