NEW YORK – Defenders have usually enjoyed a grace period of a few hours to days, or even weeks, to mitigate a vulnerability before a public exploit for it appeared. If an AI could sift through the 130 Common Vulnerabilities and Exposures released per day in minutes and create working exploits, that “grace period” may no longer apply.

The system we have built uses a multi-stage pipeline that (1) analyzes CVE advisories and code patches, (2) creates both vulnerable test applications and exploit code, and (3) validates exploits by testing against vulnerable vs. patched versions to eliminate false positives. Scaling this up would allow an AI to process the daily stream of 130+ CVEs far faster (and more cost-efficiently) than human researchers, write Efi Weiss and Nahman Khayet.

Intro Since Large Langu
