Black hat hacking seems to be a well-fit use case for these LLMs. Attackers only need to be right once, so the sometimes-wrongness of the attacks might be trivial. This probably devalues stashes of zero-day exploits for those that have been withholding them.

I do not personally hoard these exploits. My personal experience has been that responsible disclosure already has little to no economic incentive. I have gone through the pain of rigorously documenting and disclosing zero-day exploits through the official channel, and the vendor categorized it as Won't Fix, Intended Behavior. I feel that AI discovery devalues these disclosures even more because these bugs can now be discovered independently before anyone can act on them.

This stance doesn't make sense. They have the same access that the rest of the public does, and any Red Team member is going to be doing the exact same thing.

I wonder if that means we're going to see an increase in the attempted 'leveraging' of hoarded zero days lest they get publicised and patched prior to being profitable.