Code Intelligence announced the launch of Spark, the first AI test agent that
autonomously identifies bugs in unknown code without human interaction.
It's the first AI Agent to find a real-world vulnerability by
automatically generating and running a test for a widely used
open-source software.
Spark is designed to fully automate software testing, from
identifying bugs early in the development process to their actual
remediation, drastically lowering the entry barrier to advanced security
testing technologies like white-box fuzz testing. When testing
software, for a codebase with 100.000 lines of code, it saves up to
1.000 hours of manual effort.
During its final beta testing, Spark uncovered a vulnerability in WolfSSL,
an open-source cryptography library widely used in developing embedded
devices and IoT systems. The only human involvement was launching a
single command to run the AI Test Agent; analyzing the code, generating a
relevant test case, and running it was done autonomously. The
vulnerability, a heap-based use-after-free, could lead to unexpected
behavior, crashes, or security exploits. The WolfSSL team resolved the
issue immediately and released a new version with the fix in late December 2024.
"The uncovered real-world vulnerability proves that AI can
effectively take over manual tasks in software testing, such as
analyzing code, identifying the most likely attack vectors, generating
and running tests, and can thereby yield great results," said Eric Brueggemann, CEO of Code Intelligence. "Next,
we will focus on going even further by automatically fixing any
uncovered bugs. This means the entire software testing process - from
creating tests to bug remediation - will be completed in minutes without
human interaction. However, humans will continue to make the final
decisions. We will provide automatically generated pull requests with a
proven fix."
"We were truly impressed by the abilities of Spark to enhance our fuzz testing workflows," says Andreas Lackner, Senior Software Development Engineer at Vector Informatik. "By
reducing the manual effort for creating and integrating fuzz tests, we
are able to bring our cycle time down and further improve the quality of
our embedded software."