Code Intelligence has unveiled Spark, the first AI test agent capable of autonomously detecting bugs and vulnerabilities in unfamiliar code without requiring human involvement. Spark stands out as the first AI agent to discover a critical real-world vulnerability by independently creating and executing a test for a popular open-source software.
Spark is designed to fully automate software testing, from identifying bugs early in the development process to their actual remediation, drastically lowering the entry barrier to advanced security testing technologies like white-box fuzz testing. When testing software, for a codebase with 100,000 lines of code, it saves up to 1,000 hours of manual effort.
During its final beta testing, Spark uncovered a severe vulnerability in WolfSSL, an open-source cryptography library widely used in developing embedded devices and IoT systems. The only human involvement was launching a single command to run the AI Test Agent; analyzing the code, generating a relevant test case, and running it was done autonomously. The vulnerability, a heap-based use-after-free, could lead to unexpected behavior, crashes, or security exploits. The WolfSSL team resolved the issue immediately and released a new version with the fix in late December 2024.
“The uncovered real-world vulnerability proves that AI can effectively take over manual tasks in software testing, such as analyzing code, identifying the most likely attack vectors, generating and running tests, and can thereby yield great results,” said Eric Brueggemann, CEO of Code Intelligence. “Next, we will focus on going even further by also automatically fixing any uncovered bugs. This means the entire software testing process – from creating tests to bug remediation – will be completed in minutes without human interaction. However, humans will continue to make the final decisions. We will provide automatically generated pull requests with a proven fix for identified vulnerabilities directly in the CI/CD pipeline.”
“We were truly impressed by the abilities of Spark to enhance our fuzz testing workflows,” says Andreas Lackner, Senior Software Development Engineer at Vector Informatik. “By reducing the manual effort for creating and integrating fuzz tests, we are able to bring our cycle time down and further improve the quality of our embedded software.”
Code Intelligence will host an official launch event for Spark on January 28, which will gather security and software development experts from companies like Continental and Mozilla. Register here for free.
Related News:
