See for yourself – run a scan on your code right now

AI Findings

Qwiet AI has introduced a new finding category within the preZero application.  In addition to the standard fields at the top of the screen, a new category labeled “AI Findings” will now be visible.

This is the first iteration of the AI/ML detection engine within the preZero platform, which will have a tremendous impact on the detection of new and unknown vulnerabilities in our customers’ applications. On top of the known vulnerabilities and heuristics detection engines, Qwiet AI now has a detection engine (powered by Qwiet AI’s sister company, NumberOne AI) that finds not just zero days but pre-zero-day vulnerabilities, enabling us to prevent vulnerabilities in libraries that have not been discovered before. As we like to put it, “finding the unknown unknowns”.

In the application security space, detecting vulnerabilities in source code is fairly straightforward.  However, when looking at in-house or custom 3rd-party libraries, manual inspection by security analysts is necessary to find the true vulnerabilities without creating false positives or false negatives. The AI engine within the preZero platform scans those previously unknown libraries and compares them against open source and previously analyzed libraries to find new vulnerabilities almost instantly.

These new results are quickly double-checked by Qwiet AI’s security research team before being flagged as actual vulnerabilities. The results are then fed back into the AI, training it to be even more accurate and efficient as time goes on. The code and data science teams have been training Qwiet’s AI on detections the team has done over the years, providing customers with already robust protection against those “unknown unknowns” from day 1.

The addition of the AI/ML engine will give our customers an additional level of protection, with more robust detections that could previously only be obtained with exhaustive (and time-consuming) manual examination by Qwiet’s security research team. Our customers will benefit from more advanced detections with a much quicker turnaround time than ever before.

Current Qwiet AI users will begin to see scan results tagged with “AI” showing up in scan findings, indicating vulnerabilities that were detected with AI and validated by Qwiet AI’s research team.

Just like any other tag within the UI, you can click on the green “AI” tag to filter on all results detected by our AI.

In order to allow existing customers time to integrate this new type of finding into their workflow, this feature is disabled by default. To enable AI findings, please reach out to Qwiet AI support and we will be happy to assist.

At Qwiet AI, we believe this implementation will be a turning point in the application security space.  Just as endpoint security went from signature detection to heuristic detections and finally to AI detection of malware, we see the same future for application security testing.

These changes are just the beginning. Qwiet AI will be rolling out new features and enhancements to help improve our customers’ application security posture and deliver security defect-free code, intended to reduce the noise and headaches often associated with traditional application security testing.

About ShiftLeft

ShiftLeft empowers developers and AppSec teams to dramatically reduce risk by quickly finding and fixing the vulnerabilities most likely to reach their applications and ignoring reported vulnerabilities that pose little risk. Industry-leading accuracy allows developers to focus on security fixes that matter and improve code velocity while enabling AppSec engineers to shift security left.

A unified code security platform, ShiftLeft CORE scans for attack context across custom code, APIs, OSS, containers, internal microservices, and first-party business logic by combining results of the company’s and Intelligent Software Composition Analysis (SCA). Using its unique graph database that combines code attributes and analyzes actual attack paths based on real application architecture, ShiftLeft then provides detailed guidance on risk remediation within existing development workflows and tooling. Teams that use ShiftLeft ship more secure code, faster. Backed by SYN Ventures, Bain Capital Ventures, Blackstone, Mayfield, Thomvest Ventures, and SineWave Ventures, ShiftLeft is based in Santa Clara, California. For information, visit: www.shiftleft.io.
