Product Update #3

Bálint Jánvári
May 10, 2023 2 mins read

From the very beginning, we wanted to build a platform that is not only useful for seasoned security researchers, but also accessible to developers with little to no security experience. This week's product update is focused on our first AI-powered feature that goes a long way towards this goal - let's get to it!

AI-assisted remediation

When PRIS, our dynamic analysis engine, finds a potential zero-day vulnerability, it shows a generic description of the vulnerability alongside the decompiled source code (and disassembly) of the affected function, highlighting the approximate site of the vulnerability. This is usually more than enough information to start an investigation into the exploitability of the finding, but what if it is not immediately apparent to you why the code is vulnerable or how it might be fixed? We now have a button to help you with that!

Very large buttons are quickly becoming the staple of these posts

Once triggered, our AI assistant will try to explain why the code is vulnerable and suggest ways to fix it. The answer is streamed and usually contains example code with a possible fix for the issue.

Look, a buffer overflow

Caveat emptor - this is AI-generated content, so there is no guarantee that the answer will be correct. But based on our experiments, it usually gives insightful, actionable advice, and may at times even recognize if the finding was a false positive.

The new button, complete with its magic wand icon, makes another appearance in our Known Vulnerabilities section. You can now get an explanation of each vulnerability and some advice on how to determine if you are affected by it.

Additional context for CVEs

So yeah, we jumped on the AI bandwagon. These new features are powered by OpenAI's large language models, and we think they make a fine addition to our platform, helping you understand and fix issues faster.

What's next

We will keep improving the accuracy of these features, as well as experimenting with similar integrations to add additional context to findings. If you have any feedback on these features or the answers they generate, contact us.
