Detectify announced Alfred, a
revolutionary system that uses AI to completely autonomously source,
prioritize, and generate high-fidelity security tests for the CVEs that
are most likely to be exploited. This innovation allows Detectify to
continuously and dynamically deliver security research to AppSec teams
with unprecedented speed and coverage, uniting the automation of human
ingenuity from the
Detectify Crowdsource community of ethical hackers with the powerful capabilities of AI Research.
With more than 100 new CVEs published daily and a growing number of vulnerabilities not covered by the CVE system,
security teams are increasingly overwhelmed. They must ensure they are
testing for the latest issues and identifying and prioritizing the
threats that pose actual risks to their systems. Traditional automated
scanners often worsen this issue by relying on slow manual searches for
publicly available CVE tests to add new security tests; generating
excessive noise through signature-based testing rather than testing
actual exploitability; and missing CVE-less vulnerabilities, such as
misconfigurations.
Detectify Alfred utilizes large language models (LLMs) to autonomously
obtain CVE threat intelligence from a wide range of trusted security
intelligence sources. It prioritizes CVE vulnerabilities based on their
likelihood of being exploited using the Exploit Prediction Scoring
System (EPSS) framework. Next, the system scrapes the web for publicly
available proofs-of-concept for each CVE, generating a payload-based
exploit that is added as a security test to the Detectify platform after
a quality assurance check is performed by a researcher. Detectify only
builds tests for relevant CVEs that can be validated with its proven
payload-based approach, emulating real-world exploits and dramatically
reducing false positives.
Detectify Alfred serves as a powerful additional source of security research, complementing the insights from the Detectify Crowdsource Community of ethical hackers
and internal security research experts. By fully automating the
identification and creation process of CVE-based assessments, Detectify
security research forces can dedicate more resources to address advanced
and novel threats, particularly those hiding beyond CVEs, delivering greater value to AppSec teams.
"We're tapping the power of AI to leverage the ultimate use of this
technology - creating a sleepless ethical hacker who is autonomously
collecting threat intelligence, prioritizing vulnerabilities, and
building payload-based security tests," said Rickard Carlsson, Detectify
CEO.
Thanks to the release of Alfred, Detectify customers can now benefit
from dramatically faster and broader access to test for likely
exploitable CVEs. Alfred is an always-on force, continuously on the
lookout to build tests for new vulnerabilities as they emerge.
Alfred's AI-built assessments are now being rolled out to all Surface
Monitoring and Application Scanning customers, making Detectify the only
AppSec tool that combines its own community of ethical hackers with AI
research.