Highlights:
- According to Code Intelligence’s beta tests, Spark can, on average, save up to 1,000 hours of manual labor while testing a codebase with 100,000 lines of code.
- Code Intelligence is enhancing AI agents’ capacity for autonomy by equipping them with the intelligence necessary to recognize jobs that require independent completion.
Germany-based application security testing startup Code Intelligence GmbH has unveiled Spark, an AI-powered test agent that can proactively detect bugs and vulnerabilities in unknown code.
The company claims that Spark is the first AI agent of its kind to detect a real-world vulnerability in a well-known open-source software project by automatically generating and executing a test.
Code Intelligence claims that Spark is designed to completely automate the software testing process. To achieve this, it not only finds flaws but also attempts to solve them by repairing the broken code. In doing so, Spark can significantly lower the entry barrier for developers who want to use sophisticated security testing methods that typically depend on human expertise, including white-box fuzz testing.
According to Code Intelligence’s beta tests, Spark can, on average, save up to 1,000 hours of manual work while testing a codebase of 100,000 lines of code.
To demonstrate its capabilities, the company used Spark to scan WolfSSL, an open-source encryption library that is frequently used in embedded devices and Internet of Things systems. A human only needed to issue a single command to start the AI test agent, which took care of the rest on its own.
Spark first analyzed the WolfSSL source, then created a relevant test case based on that analysis and executed it. It quickly discovered a “heap-based use-after-free,” a type of vulnerability that can lead to unexpected behavior, system failures, and even security attacks.
Code Intelligence promptly alerted WolfSSL’s team to the vulnerability, and in December the team released an upgrade to address the issue.
According to Eric Brueggemann, Chief Executive of Code Intelligence, this test case demonstrates how AI may assist humans in activities requiring a high level of knowledge. “AI can effectively take over manual tasks in software testing, such as analyzing code, identifying the most likely attack vectors, generating and running tests, and can thereby yield great results,” he said.
Brueggemann plans to build on that accomplishment by training Spark to automatically patch any defects it finds, with the goal of automating the entire software testing process and finishing it in a matter of minutes.
“Humans will continue to make the final decisions,” he added. “We will provide automatically generated pull requests with a proven fix for identified vulnerabilities directly in the CI/CD pipeline.”
Code Intelligence is enhancing AI agents’ capacity for autonomy by equipping them with the intelligence necessary to recognize jobs that require independent completion. It is also applying this to a use case that is in dire need of improvement.
“Code testing has long been a tedious and time-consuming task, and this segment of the software market has traditionally also been under-funded, resulting in lower quality software that’s littered with bugs,” the analyst said. “As a sub discipline within software testing, fuzz testing has been underutilized as it requires the creation of numerous tests for each piece of software. That makes it an ideal use case for generative AI, and it’s good to see this innovation, which has the potential to transform software development practices.”
Several businesses, including Vector Informatik GmbH, a software engineering firm, have already used Spark. Senior software development engineer Andreas Lackner of Vector expressed his admiration for Spark’s potential. “By reducing the manual effort for creating and integrating fuzz tests, we are able to bring our cycle times down and further improve the quality of our embedded software,” he said.
According to Code Intelligence, guests from the Mozilla Foundation and Continental AG will discuss how they have used Spark to improve their software testing operations during an official launch event scheduled for January 28.