Detectify launches Alfred to automate CVE security testing with AI – News

External attack surface management startup Detectify AB today announced the launch of Alfred, a new system that uses artificial intelligence to autonomously source, prioritize and generate high-fidelity security tests for the Common Vulnerabilities and Exposures that are most likely to be exploited.

The new service allows Detectify to continuously and dynamically deliver security research to customers with speed and coverage while uniting insights from the Detectify Crowdsource community of ethical hackers with the capabilities of AI.

The solution seeks to address the growing challenge of vulnerability management by leveraging AI to automate the detection and prioritization of security threats. More than 100 new CVEs are published daily and there are an increasing number of vulnerabilities not covered by the CVE system, meaning that security teams are often overwhelmed

Traditional automated scanners exacerbate the problem by relying on slow manual searches for publicly available CVE tests. That generates excessive noise through signature-based testing rather than focusing on actual exploitability, so vulnerabilities that exist outside the CVE framework, such as misconfigurations, are not detected.

Detectify Alfred tackles these challenges by utilizing large language models to autonomously gather CVE threat intelligence from trusted security sources. The service prioritizes vulnerabilities based on their likelihood of exploitation using the Exploit Prediction Scoring System and scrapes the web for publicly available proofs-of-concept. Once verified, Alfred generates payload-based security tests, ensuring real-world exploitability and significantly reducing false positives.

By automating the assessment and validation process, Alfred allows security researchers to focus on more advanced threats beyond CVEs, enhancing the overall security posture of organizations.

Detectify Alfred also serves as an additional source of security research, complementing insights from the Detectify Crowdsource Community of ethical hackers and internal security research experts. By fully automating the identification and creation process of CVE-based assessments, Detectify security research forces can dedicate more resources to address advanced and novel threats — particularly those hiding beyond CVEs.

“We’re tapping the power of AI to leverage the ultimate use of this technology- creating a sleepless ethical hacker who is autonomously collecting threat intelligence, prioritizing vulnerabilities and building payload-based security tests,” said Chief Executive Rickard Carlsson.

Detectify is a venture capital-backed startup that has raised $42.1 million over five rounds. Investors in the company include Insight Venture Partners, First Fellow Partners Oy, Inventure, Balderton Capital (UK) LLP and SquareOne App Ltd.

Image: News/Ideogram