Code Intelligence's New LLM-Powered AI-Assistant CI Spark Accelerates Software Security Testing By 15X
Bonn, Germany, September 13th, 2023 - Code Intelligence today announced CI Spark, a new LLM-powered AI-assistant for software security testing. CI Spark automatically identifies attack surfaces and suggests test code for them, enabling developers to reduce the manual effort needed to generate powerful white-box tests from multiple hours down to a few minutes. As part of an ongoing collaboration with Google's OSS-Fuzz, CI Spark already helped Code Intelligence engineers uncover over 50 CVEs.
At its core, CI Spark pairs LLMs' code analysis and test generation capabilities with AI-powered white-box testing. CI Spark is guided by an extensive set of prompts to identify security-critical functions and automatically generate high-quality tests for them. Code Intelligence's feedback-based fuzzing functionalities can use these prompts as a starting point for their self-learning algorithms. Advantages of this new approach to test creation are:
- Automatic identification of fuzzing candidates: CI Spark provides a list of public functions/methods that can be used as entry points for fuzz tests.
- Leveraging existing unit tests: Unit tests that call the candidate API can be used as hints for CI Spark. These provide valuable examples of the correct usage of the API in the tests and result in better tests.
- Automatic generation of tests: The ability to generate a fuzz test for a selected candidate. An interactive mode allows the user to give tips to the AI to improve the quality of the generated test and fix any errors.
- Improving existing tests: If you already have fuzz tests, CI Spark can assist you in improving the test to increase code coverage.
“Code Intelligence’s new AI-assistant, CI Spark, is addressing the tradeoff between development speed and security that many dev teams still have to make,” said Sergej Dechand, CEO and Co-Founder, Code Intelligence. “By combining the LLMs and self-learning AI, the solution is empowering engineers to create white-box tests 15 times faster than before.”
With the help of CI Spark, Code Intelligence engineers have uncovered more than 50 CVEs, including SQL/Command Injections, XSS, and Remote Code Executions, during initial use with Google’s OSS-Fuzz, a project aimed at continuously ensuring the security of open-source projects. Complementary to CI Spark, the Google Security team recently added a similar functionality to OSS-Fuzz, with a focus on C/C++. Code Intelligence’s CI Spark runs fuzz tests for JavaScript/TypeScript, Java and C/C++, with support for other languages to be added soon. A rollout of CI Spark for commercial projects is in the works.
More details on CI Spark can be found in Code Intelligence’s blog on the topic.
About Code Intelligence:
Founded in 2018 by Sergej Dechand, Khaled Yakdan, and Matthew Smith, Code Intelligence offers an automated software security platform that helps developers ship more secure code. Last year Code Intelligence raised over $12M of Series A funding. The round was led by Tola Capital and introduced Thomas Dohmke (CEO of GitHub) as an angel investor. Code Intelligence is trusted by Google, Deutsche Telekom, Bosch, and CARIAD, among others.
Media Contact
press@code-intelligence.com