Product Update #3
From the very beginning, we wanted to build a platform that is not only useful for seasoned security researchers, but also accessible to developers with little to no security experience. This week's product update is focused on our first AI-powered feature that goes a long way towards this goal - let's get to it!
AI-assisted remediation
When PRIS, our dynamic analysis engine, finds a potential zero-day vulnerability, it shows a generic description of the vulnerability alongside the decompiled source code (and disassembly) of the affected function, highlighting the approximate site of the vulnerability. This is usually more than enough information to start an investigation into the exploitability of the finding, but what if it is not immediately apparent to you why the code is vulnerable or how it might be fixed? We now have a button to help you with that!
Once triggered, our AI assistant will try to explain why the code is vulnerable and suggest ways to fix it. The answer is streamed and usually contains example code with a possible fix for the issue.
Caveat emptor - this is AI-generated content, so there is no guarantee that the answer will be correct. But based on our experiments, it usually gives insightful, actionable advice, and may at times even recognize if the finding was a false positive.
The new button, complete with its magic wand icon, makes another appearance in our Known Vulnerabilities section. You can now get an explanation of each vulnerability and some advice on how to determine if you are affected by it.
So yeah, we jumped on the AI bandwagon. These new features are powered by OpenAI's large language models, and we think they make a fine addition to our platform, helping you understand and fix issues faster.
What's next
We will keep improving the accuracy of these features, as well as experimenting with similar integrations to add additional context to findings. If you have any feedback on these features or the answers they generate, contact us.