OX Security is leveraging ChatGPT to power its software supply chain security products, the company announced.
A cybersecurity vendor has integrated a well-known AI chatbot to create ‘OX-GPT’. This is a program designed to help developers quickly fix security vulnerabilities during software development.
The platform can quickly notify developers of how a particular piece of code could be exploited by threat actors and the potential impact of such attacks.
In addition, OX-GPT presents developers with customized remediation recommendations and cut-and-paste code fixes so security issues can be quickly resolved before production.
Many software developers are inadequately trained in cybersecurity, creating vast amounts of code with vulnerabilities that require continuous patch management cycles.
Experts highlight how ChatGPT could be used for illicit means, such as launching more sophisticated cyberattacks, while others believe it could help create code that is more secure by design, thereby helping to avoid incidents such as SolarWinds and Log4j.
Speaking to Information security, Neatsun Ziv, CEO and co-founder of OX Security, said the AI tools will help developers deliver faster and more accurate data than other tools, helping to resolve security issues far more quickly. He said it would be easy to fix.
“It starts with the potential exploit, the complete context of where the security problem exists (which application, the code associated with it), and the potential for damage to the application and the organization. If it’s identified as one, developers can be sure they’re not just chasing another false positive,” he explained.
Ziv said that, thanks to a massive dataset trained on tens of thousands of real-world cases, including vulnerabilities, exploits, code fixes and recommendations collected and generated by OX’s platform, OX-GPT can reduce most false positives.
However, this is an ongoing process. “It is imperative that we continue training on the latest vulnerabilities discovered, the latest findings, the latest best practices, and the latest attacks, especially in the fast-paced area of securing the software supply chain,” he said.
Ziv also emphasized that the platform puts developers in control of their code, “saving weeks of manual work.”
Harman Singh, managing director and consultant at Cyphere, said he expects ChatGPT and other generative AI models to improve the accuracy, speed and quality of the vulnerability management process.
“Repetitive and time-consuming processes such as searching for patterns in log files (from a logging and monitoring perspective), finding vulnerabilities from vulnerability assessment data, and assisting with triage are the ones most likely to be utilized this year. Part of higher vulnerability management tasks. [by the technology],” he outlined.
Don’t rely on generative AI yet to write your code
However, while AI models can be trained to help develop secure code, they are not “equivalent” replacements for human developers and should not be used to generate code on their own, warned Singh.
“If you ask whether AI systems can generate end-to-end secure code, I doubt it, because the AI systems that generate code are more likely to introduce security vulnerabilities into your applications,” he outlined.
Singh pointed to a study published last year by Cornell University in which researchers employed 47 developers to solve various code problems. In particular, the researchers found that developers who were assisted by an AI model were significantly more likely to write insecure code compared to other groups who did not rely on the model.
Furthermore, he added: “AI coding will live on. But it is not yet mature, and it would be naive to rely entirely on it to solve our problems.”