An AI that becomes better than the best ethical hackers on the planet is no longer science fiction: that is what has just happened with XBOW, an artificial intelligence that literally blew up the world bug bounty rankings. For the first time in history, a robot reached first place in the American HackerOne ranking, the second reference bug bounty platform after YesWeHack of course ^^.
So how did this AI pull off this performance? Well, not by playing Pokémon cards, I can tell you that right away. In fact, the XBOW system is an autonomous pentester. It was developed by former GitHub engineers who received $20 million to develop this artificial intelligence, which is capable of scanning thousands of web applications at the same time, discovering vulnerabilities without any human intervention and completing full penetration tests in a few hours. Where experienced human pentesters take 40 hours to reach 85% of the score, XBOW does the same in 28 minutes. Incredible, right?
And the numbers are dizzying: 1060 vulnerabilities submitted in total, including 54 critical, 242 high, 524 medium and 65 low. 130, 303 were triaged from this impressive total number, and the rest is either explored or marked as duplicate or informative. This is not just a few bugs found here and there, it is a real army of flaws discovered in a completely automated way.
But how does XBOW manage to be so effective? First, the team began by creating unique benchmarks to validate their approach. They tested their AI on CTFs (Capture The Flag) and created scenarios simulating real situations. The goal was clear: to be able to discover zero-day vulnerabilities in open source projects. And then they built the entire infrastructure needed to identify high-value targets.
XBOW's secret is therefore its ultra-sophisticated multi-level approach. The AI uses advanced techniques such as AI-based analysis of program scopes (yes, AI that uses AI, it is the beginning), domain scoring to prioritize targets, subdomain expansion so as not to miss anything, and content similarity detection to avoid wasting time on duplicates. But the really great part is what they call "validators", that is, a kind of automated reviewer that confirms each discovered vulnerability before it is submitted.
And the fascinating thing is that XBOW works exactly like a human pentester, but with the ability to scale at insane speed. While a human tests one application, XBOW can test thousands in parallel and, unlike traditional security tests that are often one-off, XBOW can run continuously during software development. Vulnerabilities are identified and fixed before malicious hackers have a chance to exploit them.
The impact on the industry is huge, because for the first time we have proof that AI can not only match but also surpass the best human professionals in cyber security. In short, it is an AI pentester that works 24/7, never takes a holiday, never makes a fatigue mistake and can continuously test your entire infrastructure.
Of course, it also raises questions. Will human pentesters find themselves unemployed? Probably not, because experience shows that AI excels at automated detection and scalability, but that people remain necessary for understanding the business context, handling complex cases and especially for the creativity needed to come up with new attack vectors. It is more of a cooperation than a competition.
The founder of XBOW, Oege de Moor, is not just anyone: he is the one who previously founded Semmle, later sold to GitHub/Microsoft. Also, note that all the vulnerabilities found by XBOW are verified by a team of security experts before they are submitted, in order to respect the platforms' policies on automated tools. So it is not just a robot reporting spam, it is proven quality.
So there you go: if you work in cyber security, now is the time to get really interested in AI. Whether you are a pentester, a security manager or a developer, understanding how these tools work and how to integrate them into your workflows will be essential. XBOW is just the beginning and more AIs will follow, so stay a step ahead, train and prepare for this future.