CodeHunter, a provider of behavioral malware analysis and threat intelligence tools, today announced it is making available an application programming interface (API) to make it simpler to embed the capabilities it provides within a DevSecOps workflow.
At its core, CodeHunter makes use of a set of deterministic AI models that it has developed to analyze software artifacts at the binary level, which then makes it possible to understand how they were built and the actual intent of the functionality embedded within them. The output created is a Behavioral Intent Profile (BIP), a deterministic, explainable record of how an artifact is expected to behave and whether that behavior introduces security, operational, or compliance risk.
Ken Ammon, chief strategy officer for CodeHunter, said rather than relying on probabilistic large language models (LLMs) to analyze source code, the CodeHunter approach makes it possible to accurately deconstruct an entire application. Armed with those insights, it becomes simpler to more precisely identify how, and to what extent, malware has been injected into an application, he added.
A signed binary produced during a build or obtained from a trusted source can be analyzed to identify unexpected network activity, privilege escalation, or system modifications that violate security policies.
The CodeHunter API that is now being exposed makes it possible to embed a BIP sandbox that inspects artifacts into pipelines created and managed by continuous integration/continuous deployment (CI/CD) platforms, or within a security orchestration, automation and response (SOAR) platform that is being used to automate remediation, said Ammon.
That capability also makes it possible to enforce policy decisions, such as allow, block, quarantine, or review, before software executes or propagates, he noted.

Ultimately, CodeHunter uniquely surfaces the context needed to understand the original intent of the artifact analyzed, which in turn makes it simpler to identify anomalous behavior, added Ammon.
It’s not clear to what degree DevSecOps teams appreciate the difference between deterministic and probabilistic AI models, but when it comes to application security, an AI model needs to be able to surface analysis the same way each time it runs, said Ammon. The issue with probabilistic AI models is they never generate the same output the same way twice, he added.
Ultimately, there will be a need for greater precision when it comes to analyzing malware. Cybercriminals in the age of AI are getting more adept at finding ways to compromise software supply chains. Application development teams don’t have the skills and expertise needed to identify every potential malicious line of code that might be hidden in a code base. The only way to combat AI-related threats is going to involve relying more on AI tools to thwart them.
Adoption of best DevSecOps practices has, unfortunately, been uneven. On the plus side, a recent Futurum Group survey finds well over a third of respondents expect their organization to increase spending on software security testing (39%) and application programming interface (API) security (36%) over the next 12 to 18 months. Overall, about 35% said they also plan to make some type of investment in application security, the survey finds.
The challenge and the opportunity now is to get the right tools and processes in place before the volume of code being generated using AI coding tools becomes, from an application security perspective, too overwhelming to protect.

