Signs That AI-Assisted Vulnerability Discovery Is Reshaping Disclosure Volumes
The article discusses the sharp increase in CVE disclosures across various software suppliers, attributed to the rise of AI-assisted vulnerability discovery. Major suppliers such as Chrome and GitHub have reported substantial growth in vulnerability reports, indicating a systemic shift in the reporting ecosystem. However, it remains uncertain whether this trend will continue or whether it is a temporary spike caused by the application of new AI models.
- CVE disclosure volumes have increased sharply year-to-date across several software suppliers, including Chrome and GitHub.
- AI-assisted vulnerability discovery is believed to be a contributing factor to the rise in reported vulnerabilities.
- The quality of vulnerability submissions has improved over recent months, suggesting a positive impact from AI models.
Opening excerpt (first ~120 words)

Key Takeaways:

- CVE disclosure volumes are up sharply year-to-date (YTD) across several software suppliers, including Chrome (+563.2%), VMware (+180.9%), Apache (+170.3%), Mozilla (+156.9%), HPE (+132.3%), and F5 (+113.8%).
- GitHub CVE issuance is also up significantly YTD (+476.07%), with GitHub indicating the increase is spread across many reporters and projects rather than concentrated in one source.
- The increases are consistent with broader use of AI-assisted vulnerability discovery, though the signal is still emerging and not all increases can be directly attributed to AI.
- Public examples from Mozilla, Microsoft, Apache, Curl, and Palo Alto show AI models being used to find, validate, or triage vulnerabilities, with mixed results depending on the project.
- What is less clear is whether these…
Excerpt limited to ~120 words for fair-use compliance. The full article is at VulnCheck.