AI benefits/risks

AI’s Promise in Vulnerability Research Examined

AI’s promise in vulnerability research examined. (Adobe Stock)

Automated open-source project vulnerability discovery has already been conducted by artificial intelligence agents, with Code Intelligence's Spark agent facilitating the identification of a heap-based use-after-free flaw in the wolfSSL library and Google's Big Sleep agent spotting a stack buffer underflow issue in SQLite, reports SC Media.

Over two dozen open-source project flaws, including a two-decade-old OpenSSL out-of-bounds read/write bug, have also been determined by Google's OSS-Fuzz system with AI-enhanced fuzzing. Despite the benefits of AI in discovering security flaws, findings verification and validation were regarded by Code Intelligence co-founder and Chief Product Officer Khaled Yakdan to be a persistent challenge.

Yakdan also noted Code Intelligence's ongoing efforts to enhance its Spark offering to allow AI-based remediation of identified vulnerabilities. "The ultimate goal is to provide developers with a fully integrated solution that tests software, identifies security flaws, suggests patches, and verifies their correctness—all within an automated workflow," Yakdan added.

You can skip this ad in 5 seconds