When looking at in-house or custom 3rd party libraries, manual inspection by security analysts is necessary to find the true vulnerabilities without creating false positives or false negatives.
The Qwiet AI engine within the preZero platform scans those previously unknown libraries and compares them against open source and previously analyzed libraries to find new vulnerabilities almost instantly.
This allows Qwiet AI to do more than find zero day vulnerabilities, but to also find previously unknown (or unreleased) vulnerabilities.
To learn more, read these insights from our CTO on AI in AppSec
Of course with any AI, a guiding hand is needed to provide highly accurate results. When Qwiet AI finds previously unknown vulnerabilities, the results are double-checked by our security research team before being flagged as actual vulnerabilities.
Validated results are then included in the scan results, but are also used to further train the AI, allowing for increasingly accurate scan results in the future.
The ultimate goal of the preZero platform is to use a combination of known vulnerabilities, heuristic detections, and guided AI to quickly provide accurate results.
This allows our customers to fix reachable and attackable vulnerabilities without wasting developer time hunting down false positives or upgrades that could be done at a later date.
Focusing on these high priority vulnerabilities, Qwiet customers fix 70% of new vulnerabilities in 14 days or less.
People and teams only have so much bandwidth to offer and a lack of bandwidth across the software development life cycle can lead to unsecure code. Qwiet’s AI works alongside your developers and our security researchers as a force multiplier to spot the most critical vulnerabilities for them.
AI is a core component of the Qwiet preZero Platform. Trained on both open-source and proprietary libraries, Qwiet’s AI technology can uncover high-risk vulnerabilities quickly and accurately.
The result—a noise-free list that prioritizes the riskiest of code, which allows your team to focus on the high-priority fixes.