vuln_GPT: Finding & Fixing Software Vulnerabilities with AI

AI is in the news almost every day currently, with the headlines ranging from AI usage in the arts, (particularly related to concerns around the loss of jobs), through to the use of AI to assist with cheating in exams, or development of malware tools. The AIs being discussed are more specifically not Artificial General Intelligence, but are more focussed LLMs (Large Language Models) designed for specific functions, trained through the input of large amounts of data. A subset of LLMs are known as GPTs (Generative Pretrained Transformers), which can read huge amounts of text, then see patterns in how words and phrases relate to each other, and make predictions about what words should come next. Because of this focussed approach, there are many arenas in which LLMs can make positive, valuable contributions in reducing workloads, and improving efficiencies, ranging from medicine through to development of computer technologies.

One key area is in vulnerability management. In the ever expanding digital landscape, there are currently more than 200,000 vulnerabilities detected, with about ten percent (10%) of this number detected in the last year, and this is increasing at an exponential rate. The challenge with managing, and handling vulnerabilities is an ever increasing burden, requiring significant manpower simply to keep up with the published vulnerabilities, let alone the zero-day vulnerabilities.

For most vulnerability management solutions, the focus is typically on the assessment and detection of the vulnerabilities, dealt with by one team, and the remediation of the vulnerabilities dealt with by another. With vuln_GPT, Vicarius have trained an LLM to generate scripts to remediate the vulnerabilities. This could be through removing a file, closing a port, disabling a protocol, or initiating a compensating control. These scripts can easily be deployed, and made effective in a matter of minutes through the Vicarius vRx solution. These are all strategies that can provide a sturdy and reliable fix while vendors work on releasing a patch or while security teams test one in a lab environment. Further, because vuln_GPT works without human intervention, it also makes vulnerability detection and remediation faster and more cost effective, without the need for large research teams or highly skilled security engineers, saving time and money.

Complementing these technical advantages, the reliability of vuln_GPT in producing effective remediation scripts instills confidence among cybersecurity professionals, leading to a more composed approach in handling cybersecurity challenges. This specialized AI tool, while primarily focused on technical efficiency, also subtly enhances the professional experience of those who utilize it, reflecting its multifaceted impact in the cybersecurity sector.

All of the scripts generated by vuln_GPT will be available to anyone, free of charge, in vSociety. https://www.vicarius.io/vsociety/