In this episode, David Bombal sits down with vulnerability researcher Vladimir Tokarev (with Dawid on the interview) to show what AI-assisted vulnerability research looks like when it actually works.

Vladimir walks through two real vulnerability case studies and uses them to explain a practical workflow for finding bugs faster with LLMs, without pretending the AI is “fully autonomous.”

Demo 1: Gemini CLI command injection
Vladimir demonstrates a command injection issue in Gemini CLI tied to the IDE / VS Code extension install flow. He shows how a malicious VSIX file name or path can be crafted so that when the install command is executed, the system ends up running an attacker-controlled command (the demo uses a harmless calculator launch to prove execution). The conversation then breaks down what a VSIX is, what the realistic attack paths are (user tricked into installing a malicious extension or placing it in the right directory), and why this class of bug matters for endpoints running local AI agents.

Demo 2: VirtualBox integer overflow and VM escape class impact
Next, Vladimir switches to a VirtualBox vulnerability involving an integer overflow that can lead to out-of-bounds read/write in the host process. Because of architecture constraints, he shows the exploit behavior via a recorded clip, then explains the bug using source code. The key teaching moment is the mismatch between 32-bit arithmetic used in bounds checking and 64-bit pointer arithmetic used during the actual memory move, creating a pathway to bypass checks and copy memory outside the intended buffer.
Vladimir also explains why having both read and write primitives is powerful for exploitation, and how modern mitigations make “blind” exploitation unrealistic without memory disclosure.

How the bugs were found with AI
Vladimir then explains the workflow he uses in real engagements:
• Run static analysis to generate leads at scale
• Use an LLM to triage and filter out noise
• Validate the remaining findings by tracing code paths and checking exploitability
• Use AI again to accelerate setup, debugging, reverse engineering, and iteration

He shares a key insight: the win is not “AI finds everything for you,” it is that AI helps you spend your time on the hardest parts—validation, exploit logic, and decision-making—instead of drowning in thousands (or millions) of findings.

Why there is no fully autonomous vuln-research agent yet
Finally, Vladimir lays out four practical blockers:
1. Depth reasoning (long multi-step exploit chains)
2. Context limits (missing system-level constraints and assumptions)
3. Learning from failure (repeating bad leads)
4. Exploration (poor goal-driven search without strong reinforcement learning)

The interview ends with advice for newcomers: start by reproducing known CVEs, learn by doing, and use AI with guardrails to avoid hallucinations and time-wasting rabbit holes. Vladimir also mentions workshops where he teaches these workflows at conferences.

// Vladimir Tokarev’s SOCIAL // 
X:  https://x.com/G1ND1L4 
LinkedIn:  https://www.linkedin.com/in/vladimir-eliezer-tokarev/ 

// Dawid van Straaten’s SOCIAL // 
LinkedIn:  https://www.linkedin.com/in/dawid-van-straaten-31a3742b/ 
X:  https://x.com/nullaxiom?s=21 

// David's SOCIAL //  
Discord: https://discord.com/invite/usKSyzb  
X: https://www.twitter.com/davidbombal  
Instagram: https://www.instagram.com/davidbombal  
LinkedIn: https://www.linkedin.com/in/davidbombal  
Facebook: https://www.facebook.com/davidbombal.co  
TikTok: http://tiktok.com/@davidbombal  
YouTube: https://www.youtube.com/@davidbombal 
Spotify:  https://open.spotify.com/show/3f6k6gERfuriI96efWWLQQ 
SoundCloud:  https://soundcloud.com/davidbombal 
Apple Podcast:  https://podcasts.apple.com/us/podcast/david-bombal/id1466865532 

// MY STUFF // 
https://www.amazon.com/shop/davidbombal  

// SPONSORS //  
Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com 

// MENU // 
0:00 - Coming up 
01:14 - Vladimir Tokarev introduction and AI hacking tools 
03:27 - Gemini CLI hacking demo 
09:03 - Vulnerability code explained 
10:08 - Integer overflow vulnerability demo 
14:28 - Source code vulnerability explained 
22:24 - How the vulnerabilities were discovered 
26:34 - AI speeding up the process // Issues with AI 
34:06 - How much does AI help with workflow 
35:43 - AI for defenders and for attackers 
38:12 - How to become like Vladimir 
42:57 - AI accelerating workflow 
44:33 - How to prevent AI hallucinations 
46:23 - AI assistant tools 
48:13 - Conclusion 

Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!  

Disclaimer: This video is for educational purposes only.
#vulnerabilityresearch #ai #virtualbox

David Bombal

A vulnerability researcher at Sierra demonstrates two real-world vulnerabilities: a command injection in Gemini CLI (caused by unsanitized path concatenation) and an integer overflow in VirtualBox leading to out-of-bounds heap read/write enabling VM escape. He explains how he used AI tools—Cursor, Claude Opus, and static analysis—to accelerate finding and triaging these bugs, reducing millions of Semgrep findings to actionable leads. He then outlines four key reasons why fully autonomous AI vulnerability agents don't yet exist: deep reasoning limitations, context size constraints, inability to learn from mistakes, and lack of exploratory intuition. Despite these limits, he argues AI has dramatically accelerated his output, enabling him to submit 60+ vulnerabilities in 5 months.

Why No Auto Vuln Agent? 4 Limits Blocking AI Bug Hunting