US12475235B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-12475235-B2 |
| Application number | US-202418900216-A |
| Country | US |
| Kind code | B2 |
| Filing date | Sep 27, 2024 |
| Priority date | Jan 19, 2023 |
| Publication date | Nov 18, 2025 |
| Grant date | Nov 18, 2025 |
Official abstract text for this publication.
Described herein are systems and methods for discovering and proactively mitigating previously unknown security vulnerabilities. The systems and methods herein can utilize security vulnerability information to discover potential security threats and can utilize this information to generate an attack using a machine learning model, such as a large language model. Generated attacks can be carried out to assess impact of a security vulnerability. An output can be provided that represents the assessed impact. In some implementations, the systems and methods herein generate patches or other mitigations for security vulnerabilities, which can be tested and deployed to address security vulnerabilities.
Opening claim text (preview).
We claim:
1. A method for automatic vulnerability discovery and mitigation, the method comprising: determining an application of interest for vulnerability detection and mitigation, wherein the application of interest is determined based on at least one of: receiving a user indication, identifying a newly installed application, identifying an application update, or identifying an application configuration change; determining application analysis data of the application, wherein the application analysis data comprises one or more of: static analysis data, source code analysis data, dynamic analysis data, or network activity data; generating, based on the application analysis data, a set of data comprising a representation of at least a portion of the application analysis data; applying a trained machine learning model on the set of data to generate a set of outputs indicative of a potential vulnerability; determining, based at least in part on the set of outputs, that the potential vulnerability is a vulnerability, wherein determining that the potential vulnerability is a vulnerability comprises: determining an exploit for the potential vulnerability, wherein determining the exploit for the potential vulnerability comprises at least one or identifying an existing exploit based at least in part on at least one of the set of data or set of outputs or generating an exploit based at least in part on at least one of the set of data or the set of outputs; executing the exploit; and analyzing a result of the exploit to determine that the exploit was successful; determining, for the vulnerability, a mitigation action, wherein the mitigation action is determined at least in part based on providing the set of outputs to a second machine learning model; applying the mitigation action.
2. A method for automatic vulnerability discovery and mitigation, the method comprising: determining an application of interest for vulnerability detection and mitigation, wherein the application of interest is determined based on at least one of: receiving a user indication, identifying a newly installed application, identifying an application update, or identifying an application configuration change; determining application analysis data of the application, wherein the application analysis data comprises one or more of: static analysis data, source code analysis data, dynamic analysis data, or network activity data; generating, based on the application analysis data, a set of data comprising a representation of at least a portion of the application analysis data; applying a trained machine learning model on the set of data to generate a set of outputs indicative of a potential vulnerability; determining, based at least in part on the set of outputs, that the potential vulnerability is a vulnerability by: generating, based at least in part on the set of outputs, a software attack comprising executable code, wherein the executable code is generated using at least one large language model; executing the executable code against a potentially vulnerable system; and determining, based on a result of executing the executable code, that the potentially vulnerable system is vulnerable.
3. The method of claim 2, wherein the trained machine learning model is configured to generate outputs indicative of at least one of: a type of vulnerability, an attack vector, required privileges, or user interaction requirements.
4. The method of claim 2, further comprising: determining, for the vulnerability, a mitigation action, wherein the mitigation action is determined at least in part based on providing the set of outputs to a second machine learning model.
5. The method of claim 2, further comprising: determining an assessed risk level for the potential vulnerability.
6. The method of claim 2, wherein determining application analysis data of the application comprises performing static analysis, wherein performing the static analysis comprises: disassembling the application using a disassembler; identifying one or more strings in the application; and identifying one or more execution paths of the application.
7. The method of claim 2, wherein determining application analysis data of the application comprises performing dynamic analysis, wherein performing the dynamic analysis comprises: executing the application; and monitoring, during the executing, operations of the application, the operations comprising one or more of: a file operation, a network operation, or a memory operation.
8. The method of claim 2, wherein the trained machine learning model comprises a large language model, wherein the large language model is configured to discover vulnerabilities using one of: static analysis data, dynamic analysis data, code analysis data, or network analysis data.
9. The method of claim 2, wherein the trained machine learning model comprises a plurality of large language models, wherein each large language model of the plurality of large language models is configured to perform a different vulnerability discovery task of a set of vulnerability discovery tasks.
10. The method of claim 9, wherein the set of vulnerability discovery tasks includes vulnerability discovery in different assessment domains.
11. The method of claim 9, wherein the set of vulnerability discovery tasks includes vulnerability discovery using different types of vulnerability discovery data, wherein the different types of vulnerability discovery data comprise at least one of static analysis data, dynamic analysis data, source code analysis data, or network analysis data.
12. The method of claim 2, further comprising: determining a platform associated with the application, wherein the platform indicates an ecosystem of computing resources associated with the application; identifying a set of assessment domains associated with the platform by comparing a platform identifier of the platform to an assessment domain mapping data structure; generating an attack based on the vulnerability using a large language model; executing the attack against the platform; determining, based on a result of executing the attack, an assessment domain impact level for an assessment domain of the set of assessment domains associated with the platform; and generating for output, a representation indicating at least one assessment domain-specific impact level.
13. A system for automatic vulnerability discovery and mitigation, the system comprising: at least one hardware processor; and at least one non-transitory memory storing instructions which, when executed by the at least one hardware processor, cause the system to: determine an application of interest for vulnerability detection and mitigation, wherein the application of interest is determined based on at least one of: receiving a user indication, identifying a newly installed application, identifying an application update, or identifying an application configuration change; determine application analysis data of the application, wherein the application analysis data comprises one or more of: static analysis data, source code analysis data, dynamic analysis data, or network activity data; generate, based on the application analysis data, a set of data comprising a representation of at least a portion of the application data; apply a trained machine learning model on the set of data to generate a set of outputs indicative of a potential vulnerability; and determine, based at least in part on the set of outputs, that the potential vulnerability is a vulnerability by: generating, based at least in par
involving long-term monitoring or reporting · CPC title
Test or assess a computer or a system · CPC title
Assessing vulnerabilities and evaluating computer system security · CPC title