Best-in-Class AST Player Dramatically Reduces Time-to-Market for testing CVEs with Fully Autonomous Payload-based Assessments
Detectify, the advanced application security testing platform for evolving attack surface coverage, today announced Alfred, a revolutionary system that uses AI to completely autonomously source, prioritize, and generate high-fidelity security tests for the CVEs that are most likely to be exploited. This innovation allows Detectify to continuously and dynamically deliver security research to AppSec teams with unprecedented speed and coverage, uniting the automation of human ingenuity from the Detectify Crowdsource community of ethical hackers with the powerful capabilities of AI Research.\
With more than 100 new CVEs published daily and a growing number of vulnerabilities not covered by the CVE system, security teams are increasingly overwhelmed. They must ensure they are testing for the latest issues and identifying and prioritizing the threats that pose actual risks to their systems. Traditional automated scanners often worsen this issue by adding new security tests relying on slow manual searches for publicly available CVE tests; generating excessive noise through signature-based testing rather than actual exploitability; and missing CVE-less vulnerabilities, such as misconfigurations. vulnerability data from a wide range of trusted security intelligence sources.
Detectify Alfred utilizes large language models (LLMs) to autonomously obtain CVE threat intelligence from a wide range of trusted security intelligence sources. It prioritizes CVE vulnerabilities based on their likelihood of being exploited using the Exploit Prediction Scoring System (EPSS) framework. Next, the system scrapes the web for publicly available proofs-of-concept for each CVE, generating a payload-based exploit that is added as a security test to the Detectify platform after a quality assurance check is performed by a researcher. Detectify only builds tests for relevant CVEs that can be validated with its proven payload-based approach, emulating real-world exploits and dramatically reducing false positives.
Detectify Alfred serves as a powerful additional source of security research, complementing the insights from the Detectify Crowdsource Community of ethical hackers and internal security research experts. By fully automating the identification and creation process of CVE-based assessments, Detectify security research forces can dedicate more resources to address advanced and novel threats, particularly those hiding beyond CVEs, delivering greater value to AppSec teams.
“We’re tapping the power of AI to leverage the ultimate use of this technology – creating a sleepless ethical hacker who is autonomously collecting threat intelligence, prioritizing vulnerabilities, and building payload-based security tests,” said Rickard Carlsson, Detectify CEO.
Thanks to the release of Alfred, Detectify customers can now benefit from dramatically faster and broader access to test for likely exploitable CVEs. An always-on force, continuously on the lookout to build tests for new vulnerabilities as they emerge.
Alfred’s AI-built assessments are now being rolled out to all Surface Monitoring and Application Scanning customers, making Detectify the only AppSec tool that combines its own community of ethical hackers with AI research. Read more about Alfred here.