Identifying and addressing zero-day vulnerabilities presents an ongoing challenge, demanding a significant allocation of daily workforce resources. Look at the recent instance of vulnerability within MOVEit, where the initial vulnerability was pinpointed; however, nearly 60 days later, a quarter of the impacted entities continue to grapple with susceptibility. The emergence of novel AI-driven cyber threats, exemplified by entities like WormGPT, compounds the intricacy of recognizing and intercepting these malicious elements.
When it comes to vulnerability management solutions, traditional vendors predominantly emphasized the evaluative and detection facets yet have fallen short in adequately prioritizing the remedial dimension. The process of remediation is inherently intricate, and security teams approach the implementation of vendor-provided patches with circumspection, apprehensive about potential system disruptions or downtime. Even in cases where patches are available, a prevailing practice involves a cautious waiting period to mitigate any conceivable risks.
Vicarius, a player in the realm of vulnerability management solutions and a developer of an autonomous end-to-end vulnerability remediation platform, launched vuln_GPT, a LLM model trained to generate remediation scripts for software vulnerabilities in the race to find and fix vulnerabilities faster than hackers.
With vuln_GPT, Vicarius pioneers an era characterized by AI-crafted scripts designed to mitigate Common Vulnerabilities and Exposures, or CVEs, effectively bridging the gap between detection and remediation. While the Mean Time to Detect, or MTTD, remains a persistent concern for IT teams, an even greater hurdle emerges in the form of Mean Time to Remediate, or MTTR, as many teams lack the adeptness to swiftly address vulnerabilities.
Through vuln_GPT, security teams gain the capacity to expeditiously resolve critical issues, markedly abbreviating their response time, curbing the costly aftermath of incidents, and diminishing MTTD and MTTR. Vicarius discerns an opportune moment to address the skills gap, particularly pertinent when in-house research teams are confronted with staffing shortages and resource constraints.
For example, scripts can remove a file, close a port, disable a protocol, or initiate a compensating control. These are all strategies that can provide a sturdy and reliable fix while vendors work on releasing a patch or while security teams test one in a lab environment.
Because vuln_GPT works without human intervention, it also makes vulnerability detection and remediation faster and more cost effective, without the need for large research teams or highly skilled security engineers, saving time and money.
“We want to fight AI with AI,” said Michael Assraf, CEO of Vicarius. “With vuln_GPT, we can help security teams with the end-to-end vulnerability management process to quickly identify, prioritize, fix and validate critical issues. We believe this is a game changer toward staying one step ahead of the attacker.”
Edited by
Alex Passett
