Code Intelligence, the pioneer in AI-automated software testing, announced the launch of Spark, the first AI test agent that autonomously identifies bugs in unknown code without human interaction. It’s the first AI Agent to find a real-world vulnerability by automatically generating and running a test for a widely used open-source software.
Spark is designed to fully automate software testing, from identifying bugs early in the development process to their actual remediation, drastically lowering the entry barrier to advanced security testing technologies like white-box fuzz testing. When testing software, for a codebase with 100.000 lines of code, it saves up to 1.000 hours of manual effort.
During its final beta testing, Spark uncovered a vulnerability in WolfSSL, an open-source cryptography library widely used in developing embedded devices and IoT systems. The only human involvement was launching a single command to run the AI Test Agent; analyzing the code, generating a relevant test case, and running it was done autonomously. The vulnerability, a heap-based use-after-free, could lead to unexpected behavior, crashes, or security exploits. The WolfSSL team resolved the issue immediately and released a new version with the fix in late December 2024.
Also Read: Software Defined Automation Wins 2024 Frost & Sullivan Award for Pioneering Industrial DevOps Solutions
“The uncovered real-world vulnerability proves that AI can effectively take over manual tasks in software testing, such as analyzing code, identifying the most likely attack vectors, generating and running tests, and can thereby yield great results,” said Eric Brueggemann, CEO of Code Intelligence. “Next, we will focus on going even further by automatically fixing any uncovered bugs. This means the entire software testing process – from creating tests to bug remediation – will be completed in minutes without human interaction. However, humans will continue to make the final decisions. We will provide automatically generated pull requests with a proven fix.”
“We were truly impressed by the abilities of Spark to enhance our fuzz testing workflows,” says Andreas Lackner, Senior Software Development Engineer at Vector Informatik. “By reducing the manual effort for creating and integrating fuzz tests, we are able to bring our cycle time down and further improve the quality of our embedded software.”
SOURCE: PRNewswire
