Startup Apiiro Ltd. today introduced a new artificial intelligence tool, AutoFix Agent, that promises to help developers fix vulnerabilities in their code more quickly.
The offering made its debut at the Black Hat cybersecurity conference in Las Vegas.
Apiiro is backed by more than $130 million from Greylock, Kleiner Perkins and other investors. It provides a platform that can automatically scan a company’s applications for security issues. The new AutoFix Agent that debuted today is built atop the platform.
According to Apiiro, the tool can spot vulnerable application features even before developers start writing them. When a programmer suggests a new capability that should be added to an application, AutoFix Agent highlights what vulnerabilities it could introduce. The tool then generates recommendations on how to fix them.
Under the hood, AutoFix Agent uses connectors to collect data from software teams’ ticketing systems. Those are applications in which developers keep information about planned feature releases. The tool analyzes the data it collects using a large language model.
Once the code of a new feature is ready, AutoFix Agent can check whether it complies with a company’s cybersecurity policies. Apiiro says that the tool’s AI models detect a wide range of vulnerabilities.
AutoFix Agent uses SAST, or static application security testing, methods to find security issues that stem from common programming mistakes. Website forms, for example, usually include code that filters potentially malicious input such as SQL instructions. AutoFix Agent can detect the absence of such code.
The tool also scans applications for secrets. Those are sensitive pieces of data such as encryption keys that are used in a workload’s cybersecurity mechanisms. If secrets are not properly protected, hackers can steal them by reverse-engineering an application’s code.
AutoFix Agent collects the application data it uses to find vulnerabilities via Apiiro’s platform. The latter product, in turn, gathers the information through integrations with third-party code analysis tools. It organizes the raw data those tools generate in a format that lends itself better to analysis.
Some code vulnerabilities pose a theoretical risk, but can’t lead to a breach in practice. For example, an application component that stores sensitive data in plain text can’t be targeted by hackers if it’s behind a firewall. Apiiro says that AutoFix Agent automatically ranks vulnerabilities based on the risk they pose to help administrators prioritize the most pressing bugs.
“Apiiro’s AutoFix Agent goes beyond detection to fix risks intelligently, with the same context application security and risk management teams use to make informed decisions,” said Apiiro co-founder and Chief Executive Officer Idan Plotnik.
AutoFix Agent doubles as an observability tool. According to Apiiro, it tracks metrics such as the average amount of time developers take to fix vulnerabilities. Managers can use that information to improve their teams’ cybersecurity procedures. It’s currently available in preview.