Checkmarx Brings Generative AI to SAST and IaC Security Tools



Checkmarx today made available under its early access program a query builder and a guided remediation tool powered by OpenAI’s generative artificial intelligence (AI) technology, with the aim of making it easier for developers to fix security problems in their applications.

AI-guided remediation surfaces actionable remediation recommendations for findings such as misconfigurations directly within the developer’s integrated development environment (IDE).

The AI Query Builder, meanwhile, lets users describe in natural language the queries that define the rules the Checkmarx Static Application Security Testing (SAST) and Infrastructure as Code (IaC) security tools use to scan code. Generated queries can be tweaked or modified, and queries for additional use cases can be added in the same way.

Checkmarx says this approach reduces the time it takes to create queries by 65% and also significantly reduces the number of false positive alerts generated by rules that security administrators write by hand.

Checkmarx CEO Sandeep Johri said these additions to the Checkmarx One application security platform are aimed at improving the application security experience for developers. Most developers don’t want to be bombarded with alerts that lack real context, and they don’t want to be bothered with remediation details.

Developers may not be especially interested in how AI can help them write more secure code from the start, Johri said, but the sooner credible fixes surface, the sooner they can get back to writing code.

In the long term, Checkmarx plans to add support for multiple large language models (LLMs) beyond those provided by OpenAI and to provide other AI capabilities grounded in deeper domain-specific security knowledge, Johri said.

Despite these advances, remediating vulnerabilities won’t be fully automated by AI anytime soon, he added. Instead, it will become much easier to identify code into which vulnerabilities have been introduced, whether inadvertently or intentionally, Johri said.

In fact, generative AI tools such as GitHub Copilot can themselves introduce vulnerabilities into code. Because they are general-purpose AI platforms, Johri noted, their recommendations are based on a mix of clean and flawed code. A cybercriminal may also try to subvert an LLM’s code generation by inserting malware-laden snippets into the samples used to train generative AI models.

On the plus side, generative AI tools should help narrow the chasm that currently exists between application developers and cybersecurity teams, since more issues would be found and fixed before an application is deployed to production. Instead of sending developers a list of vulnerabilities weeks (or even months) after they have moved on to another project, security issues can be surfaced while the developer is still writing the code.

Naturally, there is a lot of anxiety when it comes to all things generative AI. One thing is certain: especially when it comes to developing secure-by-default applications, the benefits far outweigh the risks.
