0-day detection using AI

"AI-powered 0-day detection is here," claims a new post on ZeroPath, the makers of an app on GitHub that "detects, verifies, and issues pull requests for security vulnerabilities in your code."

They report that AI-assisted security research has been "quietly moving forward" since early 2023, when DARPA researchers and ARPA-H's Artificial Intelligence Cyber Challenge demonstrated the first practical applications of LLM-based vulnerability detection.

"Since July 2024, ZeroPath's tool has uncovered critical 0-day vulnerabilities — such as remote code execution, authentication bypasses, and insecure direct object references — in popular AI platforms and open source projects."

It "identified security gaps in projects owned by Netflix, Salesforce and Hulu" with a new approach that combines deep analysis with adversarial AI agents for validation. Their methodology has exposed many critical vulnerabilities in production systems.

TL;DR — most of these bugs are simple and could have been found by a security researcher reviewing the code or, in some cases, by scanners. The historical problem with automating their discovery is that traditional SAST tools, built on pattern matching and predefined rules, miss complex vulnerabilities that do not fit known patterns (e.g., business logic issues, authentication flaws, or non-traditional sinks such as those introduced by dependencies). They also produce a high rate of false positives.

The advantage of LLMs is that, in most cases, they can cut through the obscurity that leaves scanners useless or yielding few findings when mass-scanning open source repositories.
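To make the gap described above concrete, here is an added example (not from ZeroPath or the article): a toy rule-based scanner in the style of classic SAST, run over constructed handler fragments. It flags a command-injection sink fed by non-literal input, but returns nothing for both a broken-access-control handler and its fixed version, because a missing authorization check has no textual signature a rule can match.

```python
import re

# Constructed handler fragments (illustrative, not from ZeroPath or any real project).
CMD_INJECTION = 'def convert(path):\n    os.system("convert " + path + " out.png")\n'
SAFE_CMD = 'def list_dir():\n    os.system("ls /srv/uploads")\n'
# Broken access control: any authenticated caller can fetch any invoice by id.
IDOR = (
    '@app.route("/api/invoices/<int:invoice_id>")\n'
    'def get_invoice(invoice_id):\n'
    '    inv = db.get(Invoice, invoice_id)\n'
    '    return jsonify(inv.to_dict())\n'
)
# Same handler with the ownership check a reviewer would expect.
IDOR_FIXED = (
    '@app.route("/api/invoices/<int:invoice_id>")\n'
    'def get_invoice(invoice_id):\n'
    '    inv = db.get(Invoice, invoice_id)\n'
    '    if inv.owner_id != current_user.id:\n'
    '        abort(403)\n'
    '    return jsonify(inv.to_dict())\n'
)

# Rules modelled on classic SAST: a known sink fed by anything other than a single
# string literal. There is deliberately no rule for "missing authorization": the
# absence of a check is not a pattern, so the rule set cannot express it.
RULES = {
    "command-injection": re.compile(r"os\.system\((?!\s*(['\"])[^'\"]*\1\s*\))"),
    "path-traversal": re.compile(r"open\([^)]*request\."),
}


def pattern_scan(source):
    """Return the sorted names of every rule whose pattern occurs in `source`."""
    return sorted(name for name, rx in RULES.items() if rx.search(source))


def scan_report(samples):
    """Map each sample name to its findings so the blind spot shows side by side."""
    return {name: pattern_scan(src) for name, src in samples.items()}


if __name__ == "__main__":
    report = scan_report({
        "cmd_injection": CMD_INJECTION, "safe_cmd": SAFE_CMD,
        "idor": IDOR, "idor_fixed": IDOR_FIXED,
    })
    for name, findings in report.items():
        print(f"{name:14s} -> {findings or 'no findings'}")
```

The vulnerable and fixed IDOR handlers produce identical (empty) reports; telling them apart requires reasoning about whether the returned object belongs to the caller, which is the kind of judgement the article credits LLM-assisted review with.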

"Many vulnerabilities remain unknown due to ongoing remediation efforts or pending responsible disclosure processes," according to ZeroPath's blog post, which includes a chart showing the largest categories of vulnerabilities they discovered:

53%: Authorization errors, such as broken access control on API endpoints and unauthorized Redis access.

26%: File operation issues such as directory traversal in configuration loading and unsafe file handling in upload operations.

16%: Code execution vulnerabilities, such as command injection in file processing or code injection in system commands.

The company's CIO/co-founder was "ex-Red Team at Tesla," according to the startup's Y Combinator profile, and earned over $100,000 as a bug-bounty hunter. (The other co-founder is a former Google security engineer.)

 

https://www.ycombinator.com/launches/LOk-zeropath-autonomous-vulnerability-patching

Written by giorgos

George still wonders what he's doing here ...
