Meet vuln_GPT, Vicarius' AI for Detecting and Healing Software Weaknesses

By Greg Tavarez August 16, 2023

Identifying and addressing zero-day vulnerabilities presents an ongoing challenge, demanding a significant allocation of daily workforce resources. Look at the recent instance of vulnerability within MOVEit, where the initial vulnerability was pinpointed; however, nearly 60 days later, a quarter of the impacted entities continue to grapple with susceptibility. The emergence of novel AI-driven cyber threats, exemplified by entities like WormGPT, compounds the intricacy of recognizing and intercepting these malicious elements.

When it comes to vulnerability management solutions, traditional vendors predominantly emphasized the evaluative and detection facets yet have fallen short in adequately prioritizing the remedial dimension. The process of remediation is inherently intricate, and security teams approach the implementation of vendor-provided patches with circumspection, apprehensive about potential system disruptions or downtime. Even in cases where patches are available, a prevailing practice involves a cautious waiting period to mitigate any conceivable risks.

Vicarius, a player in the realm of vulnerability management solutions and a developer of an autonomous end-to-end vulnerability remediation platform, launched vuln_GPT, a LLM model trained to generate remediation scripts for software vulnerabilities in the race to find and fix vulnerabilities faster than hackers.

With vuln_GPT, Vicarius pioneers an era characterized by AI-crafted scripts designed to mitigate Common Vulnerabilities and Exposures, or CVEs, effectively bridging the gap between detection and remediation. While the Mean Time to Detect, or MTTD, remains a persistent concern for IT teams, an even greater hurdle emerges in the form of Mean Time to Remediate, or MTTR, as many teams lack the adeptness to swiftly address vulnerabilities.

Through vuln_GPT, security teams gain the capacity to expeditiously resolve critical issues, markedly abbreviating their response time, curbing the costly aftermath of incidents, and diminishing MTTD and MTTR. Vicarius discerns an opportune moment to address the skills gap, particularly pertinent when in-house research teams are confronted with staffing shortages and resource constraints.

For example, scripts can remove a file, close a port, disable a protocol, or initiate a compensating control. These are all strategies that can provide a sturdy and reliable fix while vendors work on releasing a patch or while security teams test one in a lab environment.

Because vuln_GPT works without human intervention, it also makes vulnerability detection and remediation faster and more cost effective, without the need for large research teams or highly skilled security engineers, saving time and money.

“We want to fight AI with AI,” said Michael Assraf, CEO of Vicarius. “With vuln_GPT, we can help security teams with the end-to-end vulnerability management process to quickly identify, prioritize, fix and validate critical issues. We believe this is a game changer toward staying one step ahead of the attacker.”

Edited by Alex Passett
Get stories like this delivered straight to your inbox. [Free eNews Subscription]

San Francisco Giants Hit a Home Run with RingCentral Partnership

The San Francisco Giants recently named RingCentral as an enterprise cloud communications partner to transform the organization's business communications to elevate employee and fan engagement.

Read More

Comtech Completes Arizona's Shift to Next-Gen 911 for Improved Emergency Response

Comtech, in partnership with the Arizona Department of Administrations, or ADOA, successfully completed a statewide transition to Comtech's NG911 services.

Read More

Driving Telecom Growth: Expert Insights from SkySwitch Vectors 2024

After a grand welcome to SkySwitch Vectors 2024 in the JW Marriott's Symphony Ballroom in downtown Nashville, Tennessee, one of the show's valued sponsors - GreenStar Marketing - took the stage to further educate attendees.

Read More

Hiya Reveals Escalating Threat of Phone Fraud and Spam Calls Despite Preference for Voice Communication

Consumers prefer voice calls over email or text, especially for sensitive matters such as healthcare, banking, and credit card communications.

Read More

Brightspeed Introduces Voice+ Powered by RingCentral: AI-Driven Cloud Communications

Brightspeed Voice+, powered by RingCentral's enterprise cloud communications solution, will provide customers with AI-driven integrated messaging, video, and voice capabilities accessible from virtually any device.

Read More