Introducing Alfred for fully autonomous AI-built vulnerability assessments

We are excited to announce Detectify Alfred, a revolutionary system that uses AI to completely autonomously collect and prioritize threat intelligence and generate high-fidelity security tests for the CVEs that are most likely to be exploited in the wild. This innovation allows us to dynamically deliver always-on security research to AppSec teams with unprecedented speed and coverage, combining the power of human ingenuity from the Detectify Crowdsource community of ethical hackers with the powerful capabilities of AI.

With more than 100 new CVEs published daily and a growing number of vulnerabilities not covered by the CVE system, security teams are increasingly overwhelmed. They must ensure they are testing for the latest issues and identifying and prioritizing the threats that pose actual risks to their systems. Traditional automated scanners often worsen this issue by relying on slow manual searches for publicly available CVE tests to add new security tests, generating excessive noise through signature-based testing rather than testing actual exploitability, and missing CVE-less vulnerabilities, such as misconfigurations.

Meet the security researcher that never sleeps

Alfred serves as a powerful additional source of security research, complementing the insights from our Crowdsource community of ethical hackers and internal security research experts. By fully automating the identification and creation process of CVE-based assessments, our security research forces can dedicate more resources to address advanced and novel threats, including those hiding beyond CVEs, delivering greater value to our customers.

Detectify Alfred under the hood

Alfred utilizes large language models (LLMs) to autonomously process details of CVEs as they are disclosed. We prioritize these vulnerabilities based on their likelihood of being exploited using the Exploit Prediction Scoring System (EPSS) framework. Next, the system scrapes the web for publicly available proofs-of-concept for each CVE, generating a payload-based exploit that is added as a security test to our Detectify platform only after a quality assurance check is performed by a researcher. We only build tests for relevant CVEs that can be validated with our proven payload-based approach, which emulates real-world exploits and dramatically reduces false positives.

Let’s take a closer look at how Alfred operates: 

  1. Threat intelligence. With over 100 CVEs published every day, the system pulls vulnerability data from a wide range of trusted security intelligence sources. The raw vulnerability data is then enriched by gathering related information from diverse sources, including technical blogs and research labs, building a comprehensive knowledge base.
  2. Filtering and ranking relevant CVEs. The system takes into account the exploitability likelihood for each vulnerability, based on the EPSS framework. Additionally, it filters for CVEs relevant to Detectify customers, specifically those that can be automated in our scanning engines and those that are not prone to false positives.
  3. Generating payload-based security tests. Based on the analyzed information, the system attempts to automatically generate a testing procedure designed to replicate the vulnerability. Automated checks are run to ensure the generated test aligns with the specific requirements of our testing infrastructure.
  4. Integrating tests into the Detectify engines. The generated test undergoes automated refinement, including error correction and optimization, to ensure accuracy and efficiency. As soon as the final quality check is performed, the refined security test is integrated into our platform.
  5. Filtered-out CVEs are continuously re-evaluated in case new information about them is made available.

Thanks, Alfred!

Thanks to the release of Alfred, Detectify customers can now benefit from dramatically faster and broader access to tests for relevant CVEs. Alfred is an always-on, sleepless agent continuously on the lookout for new vulnerabilities.

Alfred’s AI-built assessments are now being rolled out to all Surface Monitoring and Application Scanning customers, making Detectify the only AppSec tool that combines its own community of ethical hackers with AI research.

Are you interested in learning more about Detectify and seeing Alfred in action? Start a 2-week free trial or talk to our experts.

If you are a Detectify customer already, don’t miss the What’s New page for the latest product updates and new security tests added to the platform. 