Chief Scientist Emeritus Fabian Yamaguchi and foundational Code Property Graph technology recognized with IEEE Test of Time Award

DATA SHEET

AI in AppSec: Preventing the Unpreventable

Finding the Unknown Unknowns

Scanning for security issues in open source libraries is a fairly straightforward affair, as most vulnerabilities are documented very quickly after discovery. When looking at in-house or custom 3rd party libraries, manual inspection by security analysts is necessary to find the true vulnerabilities without creating false positives or false negatives. This is where Qwiet AI comes into play.

The Qwiet AI engine within the preZero platform scans those previously unknown libraries and compares them against findings from open source and previously analyzed libraries to find new vulnerabilities almost instantly.

This allows Qwiet AI not only to find zero-day vulnerabilities, but also to find previously unknown (or unreleased) vulnerabilities. We do this not just for open source or widely used libraries, but for custom code or proprietary libraries that were previously unknown to our scanning engine.

Truly Unknown Unknowns!

How AI Changes the Game in AppSec

1. Finds previously unknown vulnerabilities in source code.

2. Scans provide an in-depth picture of the application and its high-risk vulnerabilities.

3. Scans return far more accurate results with a significant reduction in false positives.

Find and Fix Vulnerabilities Before They Get Deployed & Exploited

The Qwiet preZero platform uses AI and ML in conjunction with our patented Code Property Graph (CPG). The CPG combines properties of abstract syntax trees, control flow graphs, and program dependence graphs into a joint data structure that highlights not only the libraries and variables, but also the interconnectivity and data flow between all the elements within a piece of code. This allows Qwiet AI not only to find vulnerabilities quickly, but also to show which vulnerabilities are reachable by an attacker, helping organizations more easily prioritize the fixes that need to happen immediately, reducing risk without increasing tech debt.

AI results are highlighted within scan results, making them easier to spot.

Constantly Learning, Constantly Improving

Of course, as with any AI, a guiding hand is needed to provide highly accurate results. When Qwiet AI finds previously unknown vulnerabilities, the results are double-checked by our security research team before being flagged as actual vulnerabilities.

Validated results are then included in the scan results and are also used to further train the AI, allowing for increasingly accurate scan results in the future. At Qwiet AI, we strive to be smarter tomorrow than we are today.

Speeds Time to Market, Without Increasing Tech Debt

The ultimate goal of the preZero platform is to use a combination of known vulnerabilities, heuristic detections, and guided AI to quickly provide accurate results.

This allows our customers to fix reachable and attackable vulnerabilities without wasting developer time hunting down false positives or upgrades that could be done at a later date.

Focusing on these high priority vulnerabilities, Qwiet customers fix 70% of new vulnerabilities in 14 days or less.

See for yourself – run a scan on your code right now