According to the NVIDIA Technology Blog, NVIDIA is making groundbreaking advances in software security by applying generative AI to streamline the process of scanning and patching software vulnerabilities, especially as the complexity of modern enterprise applications grows exponentially.
Addressing the Complexities of Software Vulnerability Scanning
Security flaws reported in common vulnerabilities and exposures (CVE) databases have proliferated, making traditional approaches to software scanning and patching increasingly difficult to manage. This peaked in 2022. By the end of the year, more than 200,000 cumulative vulnerabilities had been reported. More efficient solutions will be needed in 2023.
Generative AI offers a promising solution to this problem as it can improve vulnerability defenses while reducing the load on security teams. AI not only detects and remediates CVEs in the database, but also examines scanned software containers to determine whether upgrades are needed. This process is much faster than manual work by human security analysts.
Introducing Agent Morpheus: AI-based CVE analysis tool
NVIDIA has developed a generative AI application called ‘Agent Morpheus’ that executes more sophisticated responses to CVEs. Morpheus agents verify that a vulnerability actually exists, create a checklist of actions to thoroughly investigate the CVE, and most importantly, determine if the vulnerability is exploitable. This process significantly reduces the time spent researching and investigating CVEs before safely publishing software containers.
The role of generative AI in software security
Generative AI is becoming increasingly important in software security, especially in enterprise environments. It is important to distinguish between vulnerable containers (CVE exists) and exploitable containers (the vulnerability is actually running and can be exploited). The method for determining the exploitability of each CVE is unique based on the specific vulnerability and requires synthesizing CVE information from a variety of intelligence sources. This process can be incredibly tedious and time-consuming, so the introduction of AI significantly improves efficiency.
Advantages of Agent Morpheus
Agent Morpheus allows organizations to reduce the time it takes to triage vulnerabilities in software from hours or days to seconds. They can perceive, reason, and act independently without guidance or assistance from a human analyst. Once the analysis is complete, Agent Morpheus presents a summary of the findings to a human analyst, who can then decide the best course of action. Human-approved patching exemptions or changes to the analyst’s Morpheus agent summary are fed back into the LLM fine-tuning dataset to continuously improve the model based on human results.
conclusion
Overall, NVIDIA’s application of generative AI in the form of ‘Agent Morpheus’ is a groundbreaking approach to handling the increasing complexity of software vulnerability detection and patching at enterprise scale. These innovations represent significant progress in software security and demonstrate the potential of AI to improve efficiency and accuracy in the sector.
Image source: Shutterstock
. . .
tag