Automating Zero-Day Discovery in Windows Kernel Drivers with LangChain DeepAgents
Source: DEV Community
I had $100 in unused Google Cloud credits from my Google One Ultra plan and figured I'd put them toward something interesting. Over the long weekend I ended up building an automated pipeline that scans thousands of Windows kernel drivers for exploitable vulnerabilities, specifically looking for ones that can be used in BYOVD (Bring Your Own Vulnerable Driver) attacks. On its first real run on a massive driver pack, it successfully flagged a zero-day in an ASUS driver.

How the pipeline works

I don't reverse drivers manually anymore. I built a pipeline that scans thousands of drivers automatically and flags the ones that look exploitable. Here's what it does.

```
┌──────────────────────────────────────────────────┐
│                    DeepZero                      │
│                                                  │
│  Triage ──▶ Ghidra ──▶ Semgrep ──▶ Gemini 2.5    │
│  (.sys)    (headless)  (rules)    (Vertex AI)    │
│                                         │        │
│                                         ▼        │
│                                    VULNERABLE /  │
│                                    SAFE report   │
└──────────────────────────────────────────────────┘
```

When a vulnerable driver goes through this pipeline, its import table hits
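The triage stage is the cheap filter that decides which `.sys` files are worth the expensive Ghidra and LLM passes. The example below is added here to show what that filter looks like in practice; it is not the DeepZero code from the post. It parses a PE import directory by hand (no `pefile` dependency) and reports which imports from a small watchlist the driver uses. The watchlist, the `triage()` / `parse_imports()` names and the `build_sample_driver()` helper that constructs a minimal PE32+ image in memory are all assumptions of this example, not the post's criteria; the post does not say which imports its pipeline keys on.

```python
import struct

# Assumed watchlist (not from the post): ntoskrnl exports that map or copy
# physical/kernel memory. A driver that imports these deserves a closer look;
# importing them is not by itself evidence of a vulnerability.
WATCHLIST = {"MmMapIoSpace", "MmMapIoSpaceEx", "ZwMapViewOfSection",
             "MmGetPhysicalAddress", "MmCopyMemory"}


def _headers(data):
    """Return (is_pe32plus, data_directory_offset, [(va, size, raw_off), ...])."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad NT signature")
    num_sections = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    opt_off = e_lfanew + 24
    is_pe32plus = struct.unpack_from("<H", data, opt_off)[0] == 0x20B
    dd_off = opt_off + (112 if is_pe32plus else 96)  # start of data directories
    sections = []
    for i in range(num_sections):
        vsize, va, rawsize, raw = struct.unpack_from("<IIII", data, opt_off + opt_size + i * 40 + 8)
        sections.append((va, max(vsize, rawsize), raw))
    return is_pe32plus, dd_off, sections


def _rva_to_off(sections, rva):
    for va, size, raw in sections:
        if va <= rva < va + size:
            return raw + (rva - va)
    raise ValueError(f"RVA {rva:#x} not mapped by any section")


def _cstr(data, off):
    return data[off:data.index(b"\0", off)].decode("ascii", "replace")


def parse_imports(data):
    """Walk the import directory: {dll_name: [function names]}; ordinals become 'ordinal#N'."""
    pe32plus, dd_off, sections = _headers(data)
    imp_rva, _ = struct.unpack_from("<II", data, dd_off + 8)  # directory entry 1 = imports
    result = {}
    if imp_rva == 0:
        return result
    thunk_fmt, thunk_size = ("<Q", 8) if pe32plus else ("<I", 4)
    ordinal_flag = 1 << (63 if pe32plus else 31)
    desc_off = _rva_to_off(sections, imp_rva)
    while True:
        oft, _, _, name_rva, ft = struct.unpack_from("<IIIII", data, desc_off)
        if oft == 0 and name_rva == 0 and ft == 0:  # all-zero descriptor ends the table
            break
        dll = _cstr(data, _rva_to_off(sections, name_rva)).lower()
        funcs, thunk_off = [], _rva_to_off(sections, oft or ft)
        while True:
            entry = struct.unpack_from(thunk_fmt, data, thunk_off)[0]
            if entry == 0:
                break
            if entry & ordinal_flag:
                funcs.append(f"ordinal#{entry & 0xFFFF}")
            else:  # IMAGE_IMPORT_BY_NAME: 2-byte hint, then the name
                funcs.append(_cstr(data, _rva_to_off(sections, entry) + 2))
            thunk_off += thunk_size
        result[dll] = funcs
        desc_off += 20
    return result


def triage(data, watchlist=WATCHLIST):
    """Stage 1: sorted watchlisted imports. Non-empty means 'send to Ghidra', not 'vulnerable'."""
    return sorted(f for funcs in parse_imports(data).values() for f in funcs if f in watchlist)


def build_sample_driver(imports):
    """Constructed test input: a minimal PE32+ image holding only an import table."""
    sec_rva, sec_raw, sec = 0x1000, 0x200, bytearray()
    desc_size = (len(imports) + 1) * 20
    sec.extend(b"\0" * desc_size)  # descriptor table, filled in below
    descriptors = []
    for dll, funcs in imports.items():
        name_rvas = []
        for f in funcs:
            name_rvas.append(sec_rva + len(sec))
            sec.extend(struct.pack("<H", 0) + f.encode() + b"\0" * (2 - len(f) % 2))
        while len(sec) % 8:
            sec.append(0)
        thunks = b"".join(struct.pack("<Q", r) for r in name_rvas) + struct.pack("<Q", 0)
        oft = sec_rva + len(sec); sec.extend(thunks)   # OriginalFirstThunk
        ft = sec_rva + len(sec); sec.extend(thunks)    # FirstThunk (IAT copy)
        dll_rva = sec_rva + len(sec); sec.extend(dll.encode() + b"\0")
        descriptors.append((oft, dll_rva, ft))
    for i, (oft, dll_rva, ft) in enumerate(descriptors):
        struct.pack_into("<IIIII", sec, i * 20, oft, 0, 0, dll_rva, ft)
    dos = bytearray(0x40); dos[:2] = b"MZ"; struct.pack_into("<I", dos, 0x3C, 0x40)
    file_hdr = struct.pack("<HHIIIHH", 0x8664, 1, 0, 0, 0, 240, 0x22)
    opt = bytearray(240); struct.pack_into("<H", opt, 0, 0x20B)
    struct.pack_into("<II", opt, 112 + 8, sec_rva, desc_size)  # import directory entry
    sec_hdr = struct.pack("<8sIIII16x", b".rdata", len(sec), sec_rva, len(sec), sec_raw)
    image = dos + b"PE\0\0" + file_hdr + opt + sec_hdr
    return bytes(image.ljust(sec_raw, b"\0") + sec)


# Constructed samples: one that should be escalated, one that should not.
SAMPLE_SUSPECT = build_sample_driver({"ntoskrnl.exe": ["IoCreateDevice", "MmMapIoSpace", "IoDeleteDevice"],
                                      "hal.dll": ["KeStallExecutionProcessor"]})
SAMPLE_BENIGN = build_sample_driver({"ntoskrnl.exe": ["IoCreateDevice", "IoDeleteDevice"]})

if __name__ == "__main__":
    print("suspect:", triage(SAMPLE_SUSPECT))  # ['MmMapIoSpace']
    print("benign: ", triage(SAMPLE_BENIGN))   # []
```

To run this over a real driver pack, replace the constructed samples with `open(path, "rb").read()` for each `.sys` and keep only files where `triage()` is non-empty. The parser handles both PE32 and PE32+ and ordinal imports, so it will not choke on older 32-bit drivers; the watchlist is deliberately a starting point that each team should tune to its own review criteria.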