Skip to main content

Hacktron Plans to Build AI Platform to Test Code for Vulnerabilities

Hacktron revealed today it is developing a platform that leverages artificial intelligence (AI) to continuously test code for vulnerabilities.

Fresh off raising $2.9 million in seed capital, Hacktron founder Zayne Zhang said the company’s platform will employ multiple AI models to test every pull request and code change to identify vulnerabilities that are actually exploitable.

Once identified, the platform will also surface a recommendation to remediate that issue that could be shared with an AI coding tool. The overall goal is to dramatically reduce the number of false positives that DevOps teams waste time investigating, said Zhang. In effect, AI will significantly reduce the current level of burden DevSecOps teams today experience when trying to maintain application security, he added.

The team behind Hacktron has years of expertise researching vulnerabilities. Most recently, Hacktron uncovered critical vulnerabilities in the widely used OAuth2 Proxy project, highlighting risks in open-source infrastructure relied on by enterprise teams. The company has also provided security testing services for organizations such as Perplexity AI and Supabase.

With the advent of the latest AI models from Anthropic and OpenAI, it’s apparent that vulnerabilities in code will soon be discovered within hours of an application being deployed. Once discovered, it will only take a few more hours for adversaries to find ways to exploit those vulnerabilities. The only way to prevent those cybersecurity incidents in the first place will be to leverage AI to identify and remediate vulnerabilities and weaknesses long before any application is actually deployed, noted Zhang.

It’s not clear how much time DevOps teams will soon be spending on remediating vulnerabilities as more of them are discovered, but there is a case to be made for replacing or modernizing legacy applications on the assumption many of them are, from a security perspective, fundamentally flawed. The challenge then becomes making sure that any new code generated by human developers or an AI agent is truly secure. Otherwise, DevOps teams will find themselves throwing more fuel on an application security fire that is already close to spiraling out of control.

Regardless of approach, there will soon come a day when it will no longer be acceptable to ship code that has known vulnerabilities. The irony, of course, is that the first wave of AI tools that application developers adopted tended to increase the number of vulnerabilities being introduced simply because they were trained using flawed examples of code. However, the next generation of AI models have more advanced reasoning capabilities that makes it possible to surface vulnerabilities in both new and legacy code.

Ultimately, it’s now only a matter of time before DevSecOps workflows are re-engineered using AI agents that will be better at discovering vulnerabilities than most software engineers might ever hope to be. While that may lead to some fundamental changes in how DevOps workflows are constructed, there is little doubt that most of the application developers that spend time creating and testing patches for applications would, as a rule, generally prefer to be spending more of their time on higher level tasks that add significantly more value to the business.



from DevOps.com https://ift.tt/I9FqMTJ
Labels:

Comments

Post a Comment

Popular posts from this blog

Cursor’s New SDK Turns AI Coding Agents Into Deployable Infrastructure

For most of its life, Cursor has been an IDE. A very good one. But with the public beta of the Cursor SDK, the company is making a different kind of move — one that should get the attention of DevOps teams. The Cursor SDK is a TypeScript library that gives engineers programmatic access to the same runtime, models, and agent harness that power Cursor’s desktop app, CLI, and web interface. In short, the agents that used to live inside an editor can now be invoked from anywhere in your stack. That’s a meaningful shift in how AI coding tools fit into software delivery pipelines. From the Editor to the Pipeline If you’ve used Cursor before, the workflow is familiar — you interact with an agent in real time, asking it to write functions, fix bugs, or review code. The SDK breaks that dependency on interactive use. Now you can call those same agents programmatically, from a CI/CD trigger, a backend service, or embedded inside another tool. Getting started is a single inst...
Post a Comment
Read more

Mistral Moves Coding Agents to the Cloud — and Gets Out of Your Way

For the past year or so, AI coding agents have been tethered to your local machine. You kick off a task, watch the terminal, and babysit every step. It works — but it’s not exactly hands-free. Mistral just changed that. On April 29, the Paris-based AI company announced remote coding agents for its Vibe platform, powered by a new model called Mistral Medium 3.5. The idea is simple: Instead of running coding sessions on your laptop, they now run in the cloud — asynchronously, in parallel, and without you watching over them. What’s Actually New Coding sessions can now work through long tasks while you’re away. Many can run in parallel, and you no longer become the bottleneck at every step the agent takes. That’s the core pitch. You start a task from the Mistral Vibe CLI or directly from Le Chat — Mistral’s AI assistant — and the agent handles the rest. When it’s done, it opens a pull request on GitHub and notifies you, so you review the result inste...
Post a Comment
Read more

OpenAI Debuts Symphony to Orchestrate Coding Agents at Scale

OpenAI has unveiled Symphony, an open-source specification that shifts how software development teams deploy AI in workflows, moving from interactive coding assistance toward continuous orchestration of autonomous agents. Symphony reframes project management tools as operational hubs for AI-driven coding. Rather than prompting an assistant for individual tasks, developers assign work through issue trackers, allowing agents to execute tasks in parallel and deliver outputs for human review. The change reflects a trend in enterprise AI in which systems are increasingly embedded into production pipelines rather than used as standalone tools. Symphony emerged from internal experimentation at   OpenAI , where engineers attempted to scale the use of   Codex   across multiple concurrent sessions. While the agents proved capable, human operators became the limiting factor. Engineers found they could only manage a handful of sessions before coordination overhead offset pro...
Post a Comment
Read more