[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"doc-detail-86194-en":3,"doc-seo-86194-105":29,"detail-sidebar-cat-0-en-105":91},{"code":4,"msg":5,"data":6},0,"success",{"doc_id":7,"user_id":8,"nickname":9,"user_avatar":10,"doc_module":4,"category_id":11,"category_name":12,"doc_title":13,"doc_description":14,"doc_content":15,"file_id":16,"file_url":17,"file_type":18,"file_size":19,"view_count":20,"is_deleted":4,"is_public":20,"is_downloadable":20,"audit_status":20,"page_count":21,"language":22,"language_code":23,"site_id":24,"html_lang":23,"table_of_contents":25,"faqs":26,"seo_title":13,"seo_description":14,"update_tm":27,"read_time":28},86194,13056703019662,"Evangeline","https://ap-avatar.wpscdn.com/avatar/be000253a8e92610077?_k=1778726343310543188",6,"Technology","Mako: A Self-Evolving Agentic Operating System (SE-AOS) for Autonomous Web Exploitation","The Self-Evolving Agentic Operating System (SE-AOS), introduced as a new AI agent class, models exploit capability as a mutable, versioned kernel that extends at runtime. SE-AOS observes its own failures, synthesizes new capabilities, proves them against live targets, and hot-loads validated improvements back into itself. Mako is the LaunchSafe engine enabling continuous offensive testing and agent-driven security research, achieving verified full-suite coverage on XBOW.","Mako: A Self-Evolving Agentic Operating System (SE-AOS) for Autonomous Web Exploitation  \nPraneeth Narisetty  \nLaunchSafe  \n[praneeth@launchsafe.com](praneeth@launchsafe.com)  \nShiva Nagendra Babu Kore  \nLaunchSafe  \n[shiva@launchsafe.com](shiva@launchsafe.com)  \narXiv :2607 . 1 1288v 1 [ cs .CR] 13 Jul 2026  \nAbstract—We introduce the Self-Evolving Agentic Operating System (SE-AOS): a new class of AI agent that treats exploit capability as a mutable, versioned kernel it extends at runtime, observing its own failures, synthesising new capabilities, proving them against a live target, and hot-loading them back into itself. Mako is the first SE-AOS instance for security research and the autonomous web exploitation engine developed within LaunchSafe. LaunchSafe builds autonomous security agents for continuous offensive testing and agent-driven security research; Mako is the core engine behind that platform. On the public XBOW validation-benchmarks, 104 containerised, CTFstyle web applications spanning 26 vulnerability classes across three difficulty tiers, Mako achieves full-suite coverage: it drives every one of the 104 targets to emit a cryptographically fresh, per-build flag, under a verification regime that makes fabricated or memorised results impossible. Our central result is a law of autonomous exploitation: once a capability exists and is discoverable, difficulty collapses; capability, not reasoning, is what is scarce, together with an architecture and formalism that turn that law into a self-improving system. Mako further runs agated self-evolution loop that proposes, sandboxes, and commits improvements to its own agents and rules when fitness does not regress. We deliberately withhold the operational results, payloads, exploit chains, and tool source, because a system that reduces full-spectrum web exploitation to a repeatable, machine-speed pipeline is dual-use research of concern. We publish the science; we withhold the weapon.  \nIndex Terms—autonomous exploitation, AI agents, agentic operating system, capability kernel, LLM agents, offensive security, penetration testing, XBOW, web application security, fabrication-proof evaluation, dual-use research, self-improving agents, LaunchSafe, Mako  \nI. INTRODUCTION  \nA. Positioning and Novelty  \nThis is a systems, theory, and methodology paper, not aleaderboard entry. Its contribution is not a single number but (i) a new class of agent architecture, (ii) a formalism that makes self-evolution measurable, and (iii) a complete, auditable pipeline that turns difficult web-exploitation problems into verified exploit capability, without ever admitting a fabricated flag, a memorised string, or an unverifiable self-report. To our knowledge, no prior published system combines a selfauthored, runtime-growing capability kernel with a fabricationproof verification gate and full-suite coverage of a security benchmark. Mako advances the state of the art on five axes: (1) a new architectural class, the Self-Evolving Agentic Operating System, in which capability is a mutable, versioned kernel  \nTABLE I AT A GLANCE  \n\n| System | Mako SecurityResearchAgent (LaunchSafe), a self-evolving, tool-authoring security-research agent |\n| --- | --- |\n| Reasoning models | Primary: Google Gemini 2.5 Flash; escalation tier: Gemini 3.1 Pro Preview (engages only after the agent passes 70% of the turn budget with no confirmed finding) . Both are Gemini-family models [16](no separate technical report exists for these specific preview versions); per-turn model was not separately logged, so the escalation model’s exact per-benchmark use is unconfirmed. |\n| Benchmark suite | XBOW validation-benchmarks [15], 104 Jeopardy-style web CTFs (XBEN-001-24. . . XBEN-104-24); 26 vulnerability classes across three difficulty tiers |\n| Headline result | Full-suite coverage, 104/104 benchmarks driven to emit a freshly-randomised flag from the live target; every solve verified against the genuine application response, never ","cbCaibtZCBx1bL3s","https://ap.wps.com/l/cbCaibtZCBx1bL3s","pdf",828134,1,13,"English","en",105,"# Introduction\n## Positioning and Novelty\n## System Overview\n# Methodology\n## Self-Evolution and Capability Kernel\n## Fabrication-Proof Verification\n# Results and Evaluation\n## XBOW-104 Coverage\n## Verification Procedure\n# Disclosure and Dual-Use Considerations","[{\"question\":\"What is SE-AOS and how does it improve exploit capability over time?\",\"answer\":\"SE-AOS treats exploit capability as a mutable, versioned kernel extended at runtime. It observes failures, synthesizes new capabilities, proves them against live targets, and hot-loads validated improvements back into itself.\"},{\"question\":\"How does Mako prevent fabricated or memorized evaluation results?\",\"answer\":\"Mako uses fresh randomized per-build flags and verification against ground-truth application responses captured in real tool outputs, rather than relying on agent self-reports.\"},{\"question\":\"What evaluation result does Mako achieve on the XBOW-104 benchmarks?\",\"answer\":\"On the public XBOW validation benchmarks, Mako achieves full-suite coverage with 104 out of 104 containerized web CTF targets, spanning 26 vulnerability classes across three difficulty tiers.\"}]",1784209290,33,{"code":4,"msg":30,"data":31},"ok",{"site_id":24,"language":23,"slug":32,"title":13,"keywords":33,"description":14,"schema_data":34,"social_meta":86,"head_meta":88,"extra_data":90,"updated_unix":27},"mako-a-self-evolving-agentic-operating-system-se-aos-for-autonomous-web-exploitation","",{"@graph":35,"@context":85},[36,53,68],{"@type":37,"itemListElement":38},"BreadcrumbList",[39,43,47,50],{"item":40,"name":41,"@type":42,"position":20},"https://docshare.wps.com","Home","ListItem",{"item":44,"name":45,"@type":42,"position":46},"https://docshare.wps.com/document/","Document",2,{"item":48,"name":12,"@type":42,"position":49},"https://docshare.wps.com/document/technology/",3,{"item":51,"name":13,"@type":42,"position":52},"https://docshare.wps.com/document/mako-a-self-evolving-agentic-operating-system-se-aos-for-autonomous-web-exploitation/86194/",4,{"url":51,"name":13,"@type":54,"author":55,"headline":13,"publisher":57,"fileFormat":60,"inLanguage":23,"description":14,"dateModified":61,"datePublished":62,"encodingFormat":60,"isAccessibleForFree":63,"interactionStatistic":64},"DigitalDocument",{"name":9,"@type":56},"Person",{"url":40,"name":58,"@type":59},"DocShare","Organization","application/pdf","2026-07-17","2026-07-16",true,{"@type":65,"interactionType":66,"userInteractionCount":20},"InteractionCounter",{"@type":67},"ViewAction",{"@type":69,"mainEntity":70},"FAQPage",[71,77,81],{"name":72,"@type":73,"acceptedAnswer":74},"What is SE-AOS and how does it improve exploit capability over time?","Question",{"text":75,"@type":76},"SE-AOS treats exploit capability as a mutable, versioned kernel extended at runtime. It observes failures, synthesizes new capabilities, proves them against live targets, and hot-loads validated improvements back into itself.","Answer",{"name":78,"@type":73,"acceptedAnswer":79},"How does Mako prevent fabricated or memorized evaluation results?",{"text":80,"@type":76},"Mako uses fresh randomized per-build flags and verification against ground-truth application responses captured in real tool outputs, rather than relying on agent self-reports.",{"name":82,"@type":73,"acceptedAnswer":83},"What evaluation result does Mako achieve on the XBOW-104 benchmarks?",{"text":84,"@type":76},"On the public XBOW validation benchmarks, Mako achieves full-suite coverage with 104 out of 104 containerized web CTF targets, spanning 26 vulnerability classes across three difficulty tiers.","https://schema.org",{"og:url":51,"og:type":87,"og:title":13,"og:site_name":58,"og:description":14},"article",{"robots":89,"canonical":51},"index,follow",{"doc_id":7,"site_id":24},{"code":4,"msg":5,"data":92},[93,97,101,105,110,113,118,123,128,131,135],{"id":20,"doc_module":4,"doc_module_name":45,"category_name":94,"show_sort_weight":95,"slug":96},"Story & Novel",90,"story-novel",{"id":46,"doc_module":4,"doc_module_name":45,"category_name":98,"show_sort_weight":99,"slug":100},"Literature",80,"literature",{"id":52,"doc_module":4,"doc_module_name":45,"category_name":102,"show_sort_weight":103,"slug":104},"Exam",70,"exam",{"id":106,"doc_module":4,"doc_module_name":45,"category_name":107,"show_sort_weight":108,"slug":109},5,"Comic",60,"comic",{"id":11,"doc_module":4,"doc_module_name":45,"category_name":12,"show_sort_weight":111,"slug":112},50,"technology",{"id":114,"doc_module":4,"doc_module_name":45,"category_name":115,"show_sort_weight":116,"slug":117},7,"Healthcare",40,"healthcare",{"id":119,"doc_module":4,"doc_module_name":45,"category_name":120,"show_sort_weight":121,"slug":122},8,"Research & Report",30,"research-report",{"id":124,"doc_module":4,"doc_module_name":45,"category_name":125,"show_sort_weight":126,"slug":127},9,"Religion & Spirituality",20,"religion-spirituality",{"id":126,"doc_module":4,"doc_module_name":45,"category_name":129,"show_sort_weight":126,"slug":130},"World Cup","world-cup",{"id":132,"doc_module":4,"doc_module_name":45,"category_name":133,"show_sort_weight":132,"slug":134},10,"Lifestyle","lifestyle",{"id":136,"doc_module":4,"doc_module_name":45,"category_name":137,"show_sort_weight":106,"slug":138},19,"General","general"]