Qwiet AI has introduced a new finding category within the preZero application. In addition to the standard fields at the top of the screen, a new category labeled “AI Findings” will now be visible.
This is the first iteration of the AI/ML detection engine within the preZero platform, which will have a tremendous impact on the detection of new and unknown vulnerabilities in our customers’ applications. On top of the known vulnerabilities and heuristics detection engines, Qwiet AI now has a detection engine (powered by Qwiet AI’s sister company, NumberOne AI) that finds not just zero days, but pre-zero day vulnerabilities enabling us to prevent vulnerabilities in libraries that have not been discovered before. As we like to put it, “finding the unknown unknowns”.
In the application security space, detecting vulnerabilities in source code is fairly straightforward. However, when looking at in-house or custom 3rd-party libraries, manual inspection by security analysts is necessary to find the true vulnerabilities without creating false positives or false negatives. The AI engine within the preZero platform scans those previously unknown libraries and compares them against open source and previously analyzed libraries to find new vulnerabilities almost instantly.
These new results are quickly double-checked by Qwiet AI’s security research team before being flagged as actual vulnerabilities. The results are then fed back into the AI, training it to be even more accurate and efficient as time goes on. The code and data science teams have been training Qwiet’s AI on detections the team has done over the years, providing customers with an already robust protection against those “unknown unknowns” from day 1.
The addition of the AI/ML engine will provide an additional level of protection for our customers, providing more robust detections that could previously only be obtained with exhaustive (and time consuming) manual examination by Qwiet’s security research team. Our customers will benefit from more advanced detections with a much quicker turnaround time than ever before.
Current Qwiet AI users will begin to see scan results tagged with “AI” showing up in scan findings, indicating vulnerabilities that were detected with AI and validated by Qwiet AI’s research team.
Just like any other tag within the UI, you can click on the green “AI” tag to filter on all results detected by our AI.
In order to allow existing customers time to integrate this new type of finding into their workflow, this feature is disabled by default. To enable AI findings, please reach out to Qwiet AI support and we will be happy to assist.
At Qwiet AI, we believe this implementation will be a turning point in the application security space. Just as endpoint security went from signature detection to heuristic detections and finally to AI detection of malware, we see the same future for application security testing.
These changes are just the beginning. Qwiet AI will be rolling out new features and enhancements to help improve our customers’ application security posture and deliver security defect-free code, intended to reduce the noise and headaches often associated with traditional application security testing.