
"Hacktron founder Zayne Zhang said the company's platform will employ multiple AI models to test every pull request and code change to identify vulnerabilities that are actually exploitable. Once identified, the platform will also surface a recommendation to remediate that issue that could be shared with an AI coding tool. The overall goal is to dramatically reduce the number of false positives that DevOps teams waste time investigating, said Zhang."
"In effect, AI will significantly reduce the current level of burden DevSecOps teams today experience when trying to maintain application security, he added. The team behind Hacktron has years of expertise researching vulnerabilities. Most recently, Hacktron uncovered critical vulnerabilities in the widely used OAuth2 Proxy project, highlighting risks in open-source infrastructure relied on by enterprise teams."
"With the advent of the latest AI models from Anthropic and OpenAI, it's apparent that vulnerabilities in code will soon be discovered within hours of an application being deployed. Once discovered, it will only take a few more hours for adversaries to find ways to exploit those vulnerabilities. The only way to prevent those cybersecurity incidents in the first place will be to leverage AI to identify and remediate vulnerabilities and weaknesses long before any application is actually deployed, noted Zhang."
Hacktron is developing an AI-driven platform that continuously tests code for vulnerabilities. The platform will use multiple AI models to evaluate every pull request and code change, focusing on vulnerabilities that are actually exploitable. When issues are found, it will provide remediation recommendations that can be shared with AI coding tools. The goal is to reduce false positives that DevOps teams spend time investigating, lowering the burden on DevSecOps teams. Hacktron’s team has experience researching vulnerabilities, including uncovering critical issues in OAuth2 Proxy and providing security testing services for organizations such as Perplexity AI and Supabase. The approach aims to identify and remediate weaknesses before deployment, because adversaries can discover and exploit vulnerabilities quickly after release.
Read at DevOps.com