Opus Security today unveiled a platform that employs artificial intelligence (AI) agents to its vulnerability management platform that are trained to discover known issues and suggest remediations.
The Autonomous Vulnerability Management Platform is designed to first engage DevSecOps teams by asking a series of questions about their application environments. That data is then used to map the IT environment, determine which policies should be enforced and identify which vulnerabilities represent the most severe potential threats.
The platform then shares that data with a set of AI agents that have been trained to perform specific tasks, including a Security Researcher, Security Governance Agent, Process Orchestrator, Remediation Agent and Collaborators that help remediate specific issues.
Collectively, these agents consolidate, normalize, and deduplicate millions of fragmented data points to reduce the overall noise level that legacy platforms typically generate.
Opus Security CEO Meny Har said that level of coordination is simply not possible today without using an AI platform to orchestrate the various tasks assigned to AI agents.
That capability is crucial because DevSecOps teams today are overwhelmed by the number of known vulnerabilities that exist in millions of lines of code, he added. The only way to reliably discover those issues is to rely on AI agents that have been specifically trained to perform that task, said Har.
As most DevSecOps teams know all too well, application security incidents are often traced back to known vulnerabilities that for one reason or another were never addressed. The main culprit is that there is usually not enough time to develop, test and apply a patch before a vulnerability is exploited. The Autonomous Vulnerability Management Platform is designed to reduce the overall time and effort required to identify those issues in a way that enables DevSecOps teams to make better use of their limited resources, said Har.
Longer term, Opus Security is also working toward adding an ability to automatically apply patches that have been vetted by DevSecOps teams to remediate vulnerabilities, he added.
While a lot of progress has been made in terms of adopting best DevSecOps practices, it’s clear there is still much work to be done. A significant part of the challenge, however, is that existing tools were not designed to analyze code bases that, in the age of artificial intelligence (AI), will continue to exponentially increase in size. In fact, the amount of vulnerable code generated by AI models trained using flawed code might significantly increase. The only way to secure that amount of code is to rely more on AI tools to fix the code now being created by both machines and humans.
It’s not clear to what degree application security might get worse before it eventually gets better. In theory, AI tools will eventually enable developers to write more secure code at the time they are building applications. However, in the short term DevSecOps teams will continue to have their hands full, at a time when there might soon be more software developed in the next few years than there was in all of the past decade.
