Chief Scientist Emeritus Fabian Yamaguchi and foundational Code Property Graph technology recognized with IEEE Test of Time Award

AI Findings

Qwiet AI has introduced a new finding category within the preZero application.  In addition to the standard fields at the top of the screen, a new category labeled “AI Findings” will now be visible.

This is the first iteration of the AI/ML detection engine within the preZero platform, which will have a tremendous impact on the detection of new and unknown vulnerabilities in our customers’ applications.  On top of the known vulnerabilities and heuristics detection engines, Qwiet AI now has a detection engine (powered by Qwiet AI’s sister company, NumberOne AI) that  finds not just zero days, but pre-zero day vulnerabilities enabling us to prevent vulnerabilities in libraries that have not been discovered before.  As we like to put it, “finding the unknown unknowns”.

In the application security space, detecting vulnerabilities in source code is fairly straightforward.  However, when looking at in-house or custom 3rd-party libraries, manual inspection by security analysts is necessary to find the true vulnerabilities without creating false positives or false negatives. The AI engine within the preZero platform scans those previously unknown libraries and compares them against open source and previously analyzed libraries to find new vulnerabilities almost instantly.

These new results are quickly double-checked by Qwiet AI’s security research team before being flagged as actual vulnerabilities. The results are then fed back into the AI, training it to be even more accurate and efficient as time goes on. The code and data science teams have been training Qwiet’s AI on detections the team has done over the years, providing  customers with an already robust protection against those “unknown unknowns” from day 1.

The addition of the AI/ML engine will provide an additional level of protection for our customers, providing more robust detections that could previously only be obtained with exhaustive (and time consuming) manual examination by Qwiet’s security research team.  Our customers will benefit from more advanced detections with a much quicker turnaround time than ever before.

Current Qwiet AI users will begin to see scan results tagged with “AI” showing up in scan findings, indicating vulnerabilities that were detected with AI and validated by Qwiet AI’s research team.

Just like any other tag within the UI, you can click on the green “AI” tag to filter on all results detected by our AI.

In order to allow  existing customers time to integrate this new type of finding into their workflow, this feature is disabled by default.  To enable AI findings, please reach out to Qwiet AI support and we will be happy to assist.

At Qwiet AI, we believe this implementation will be a turning point in the application security space.  Just as endpoint security went from signature detection to heuristic detections and finally to AI detection of malware, we see the same future for application security testing.

These changes are just the beginning. Qwiet AI will be rolling out new features and enhancements to help improve our customers’ application security posture and deliver security defect-free code, intended to  reduce the noise and headaches often associated with traditional application security testing.

About Qwiet AI

Qwiet AI empowers developers and AppSec teams to dramatically reduce risk by quickly finding and fixing the vulnerabilities most likely to reach their applications and ignoring reported vulnerabilities that pose little risk. Industry-leading accuracy allows developers to focus on security fixes that matter and improve code velocity while enabling AppSec engineers to shift security left.

A unified code security platform, Qwiet AI scans for attack context across custom code, APIs, OSS, containers, internal microservices, and first-party business logic by combining results of the company’s and Intelligent Software Composition Analysis (SCA). Using its unique graph database that combines code attributes and analyzes actual attack paths based on real application architecture, Qwiet AI then provides detailed guidance on risk remediation within existing development workflows and tooling. Teams that use Qwiet AI ship more secure code, faster. Backed by SYN Ventures, Bain Capital Ventures, Blackstone, Mayfield, Thomvest Ventures, and SineWave Ventures, Qwiet AI is based in Santa Clara, California. For information, visit: https://qwiet.ai

Share

Read Next

AI Announcements Cybersecurity
April 29, 2024 4 min to read

The Qwiet AI Code Doctor Will See You Now – Introdu...

by Stuart McClure

Qwiet AI and the ancient Greek physicians like the father of medicine Hippocrates have much in common. Hippocrates highlighted the significance of a healthy diet and lifestyle in preventing diseases and acknowledged the root cause of physical and psychological ailments as diet and lifestyle choices (Διαιτήμασί in Greek), and now Qwiet AI is delivering his […]

READ MORE
Announcements AppSec Cybersecurity Podcasts
June 27, 2023 2 min to read

Hacking Exposed is Back! Now in Podcast Form!

by Bruce Snell

In the ever-evolving world of cybersecurity, staying informed about the latest threats and trends is crucial. To cater to the growing need for expert insights, we are thrilled to announce the launch of the new Hacking Exposed podcast. Hosted by renowned cybersecurity expert Stuart McClure, this podcast promises to be a treasure trove of knowledge […]

READ MORE
Announcements
December 24, 2021 2 min to read

Detecting log4j using ShiftLeft CORE

Over the last few weeks, log4j has been the focus in most organizations. It continues to dominate tech media as the FTC threatens action against unpatched systems and Microsoft warns of continued exploits of the vulnerability. We have covered it in detail here, here, and here. In this blog, we will focus on how you […]

READ MORE

Read Next

Cybersecurity
November 22, 2021 5 min to read

Getting to Know Compliance in Software Development

On March 21, the Biden administration directed US companies to "harden your cyber defenses immediately." With these new federal guidelines for application security, the White House urged software developers to deploy "modern tools that can detect known and potential vulnerabilities" in their custom and open-source software (OSS). Learn more about how ShiftLeft can help.

READ MORE
Cybersecurity
January 3, 2023 3 min to read

Nothing to gain and everything to lose … oh except perfec...

When I got the call to consider picking up the golden baton at the next-gen application security company (ShiftLeft) the thought hadn’t even crossed my mind. After all, I had committed to building another company (NumberOne AI), one that would build multiple companies and all of them on the foundations of predictive AI/ML to solve […]

READ MORE
Cybersecurity
June 22, 2022 3 min to read

The Progress We’ve Seen: 2022 AppSec Progress Report

In the age of digital transformation, every company has become a software company. And with software comes vulnerabilities and malicious attackers who will try to exploit them. These digital enterprises have been seeking a way to pre-empt, prevent, and defend themselves against these attacks–a way to shift security left. The concept and process of shifting […]

READ MORE
Subscribe to newsletter
Privacy Policy Terms of Service © 2024 Qwiet. All rights reserved
Services
Company
Platform
Resources
Log In