Artificial intelligence agents have already carried out automated vulnerability discovery in open-source projects: Code Intelligence's Spark agent facilitated the identification of a heap-based use-after-free flaw in the wolfSSL library, and Google's Big Sleep agent spotted a stack buffer underflow issue in SQLite, reports SC Media.
Google's OSS-Fuzz system, using AI-enhanced fuzzing, has also identified over two dozen open-source project flaws, including a two-decade-old OpenSSL out-of-bounds read/write bug. Despite the benefits of AI in discovering security flaws, Code Intelligence co-founder and Chief Product Officer Khaled Yakdan regarded the verification and validation of findings as a persistent challenge.
Yakdan also noted Code Intelligence's ongoing efforts to enhance its Spark offering to allow AI-based remediation of identified vulnerabilities. "The ultimate goal is to provide developers with a fully integrated solution that tests software, identifies security flaws, suggests patches, and verifies their correctness—all within an automated workflow," Yakdan added.