
German security company Code Intelligence on Thursday introduced what it claims is the first AI agent that autonomously finds bugs and vulnerabilities in unknown code without the need for a human.

The agent, called Spark, is designed to fully automate software testing by automatically generating and running a test for widely used open-source software. This helps it identify bugs early in the development process for remediation and lower the entry barrier to advanced security testing technologies like white-box fuzz testing. When testing a code base with 100,000 lines of code, for example, it saved as many as 1,000 hours in manual effort.

In final beta testing, Code Intelligence said Spark unearthed a vulnerability in WolfSSL, an open-source cryptography library widely used in developing embedded devices and IoT systems, that could cause unexpected behavior, crashes, or security exploits. WolfSSL solved the problem immediately with Spark and issued a new version with a fix last month. The only human involvement required was a single command to run the AI test agent, according to Code Intelligence.

“The uncovered real-world vulnerability proves that AI can effectively take over manual tasks in software testing, such as analyzing code, identifying the most likely attack vectors, generating and running tests, and can thereby yield great results,” Code Intelligence CEO, Eric Brueggemann, said in a statement. “Next, we will focus on going even further by also automatically fixing any uncovered bugs. This means the entire software testing process from creating tests to bug remediation will be completed in minutes without human interaction.”

Brueggemann quickly noted, however, that humans will continue to make final decisions. “We will provide automatically generated pull requests with a proven fix for identified vulnerabilities directly in the CI/CD pipeline,” he said.

Spark's minimal-human-involvement approach is yet another manifestation of AI agents quickly becoming part of a flourishing digital workforce at enterprises, improving efficiency while freeing up people to do more creative work. One customer of Code Intelligence vouched for the time saved in its testing process.

“We were truly impressed by the abilities of Spark to enhance our fuzz testing workflows,” Andreas Lackner, senior software development engineer at Vector Informatik, said of Spark. “By reducing the manual effort for creating and integrating fuzz tests, we are able to bring our cycle time down and further improve the quality of our embedded software.”
