
Introducing CodeMender: an AI agent for code security

Authors: Raluca Ada Popa and Four Flynn

An AI-powered agent that fixes critical software vulnerabilities

Today, we are sharing the first results from our research on CodeMender, a new AI-powered agent that improves code security automatically.

Software vulnerabilities are difficult and time-consuming for human programmers to find and fix, even with traditional automated methods such as fuzzing. Our AI-based efforts, such as Big Sleep and OSS-Fuzz, have shown AI's ability to find new zero-day vulnerabilities in well-tested software. As AI-powered vulnerability discovery succeeds more and more often, it will become increasingly difficult for humans alone to keep up.

CodeMender addresses this challenge with a comprehensive approach to code security that is both reactive, instantly patching newly found vulnerabilities, and proactive, rewriting and securing existing code. In the six months we have been building CodeMender, we have already upstreamed 72 security fixes to open source projects, including some as large as 4.5 million lines of code.

By automatically creating and applying high-quality security patches, CodeMender's AI-powered agent helps developers and maintainers focus on what they do best: building good software.

How CodeMender works

CodeMender builds on the reasoning capabilities of our recent Gemini Deep Think models to produce an autonomous agent that can debug and fix complex vulnerabilities.

To do this, the CodeMender agent is equipped with robust tools that let it reason about code before making changes, and it automatically validates those changes to ensure they are correct and do not cause regressions.

Animation showing CodeMender's process for patching a vulnerability.

While large language models are improving rapidly, mistakes in code security can be extremely costly. CodeMender's automatic validation process ensures that code changes are high quality: they fix the root cause, are functionally correct, do not introduce regressions, and follow style guidelines.

As part of our research, we have also developed new techniques and tools that allow CodeMender to reason about code and make effective changes. These include:

  • Advanced program analysis: We have developed tools based on advanced program analysis, including static analysis, dynamic analysis, differential testing, fuzzing and SMT solvers. By using these tools to systematically examine code patterns, control flow and data flow, CodeMender can better identify the root causes of security flaws and architectural weaknesses.
  • Multi-agent systems: We have developed specialised agents that enable CodeMender to tackle specific aspects of an underlying problem. For example, CodeMender uses a large language model-based critique tool that highlights the differences between the original and modified code to verify that the proposed changes do not introduce regressions, and it self-corrects as necessary.

Fixing vulnerabilities

To fix vulnerabilities effectively, and to ensure that the patched code does not regress, the CodeMender agent uses a debugger, a source code browser and other tools to identify root causes and construct patches. We have included two examples of CodeMender patching vulnerabilities in the video carousel below.

Example #1: Identifying the root cause of a crash

Here is a snippet of the root cause analysis produced by CodeMender after analysing debugger output and the results of code search tools.

Although the final patch in this example changed only a few lines of code, the root cause of the crash was not obvious. In this case, the crash report indicated a heap buffer overflow, but the real problem was somewhere else entirely: incorrect stack management of Extensible Markup Language (XML) elements during parsing.

Example #2: Agent is able to create a non-trivial patch

In this example, the CodeMender agent was able to come up with a non-trivial patch that addressed a complex object lifetime issue.

The agent not only found the root cause of the vulnerability, but also managed to modify the project's custom system for generating C code.

Rewriting existing code for better security

We also designed CodeMender to proactively rewrite existing code to use secure data structures and APIs.

For example, we have used CodeMender to apply -fbounds-safety annotations to parts of libwebp, a widely used image compression library. With -fbounds-safety annotations in place, the compiler adds bounds checks to the code, which prevents an attacker from exploiting a buffer overflow or underflow to execute arbitrary code.

In recent years, a heap buffer overflow vulnerability in libwebp (CVE-2023-4863) was used by a threat actor as part of a zero-click iOS exploit. With -fbounds-safety annotations applied, this vulnerability, and many similar vulnerabilities in the parts of libwebp where we added the annotations, would have been unexploitable.
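As an added example, not part of the original post and not code from CodeMender or libwebp, the C snippet below does by hand the kind of check -fbounds-safety makes the compiler insert for a destination annotated with __counted_by: a constructed chunk format and parser (the chunk layout and all function names are assumptions) reject a payload whose declared length exceeds the output buffer instead of overflowing it.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Added illustration, not CodeMender's or libwebp's code: a header-declared
 * payload length copied into a fixed buffer, the shape of a typical image
 * parser heap buffer overflow. copy_payload_bounded does by hand what
 * -fbounds-safety makes the compiler insert once dst is annotated
 * __counted_by(dst_len): every access is checked against that length. */

/* Unchecked: trusts the declared length; shown only as the defect and never
 * called here with len larger than the destination. */
void copy_payload_unchecked(uint8_t *dst, const uint8_t *src, size_t len) {
    memcpy(dst, src, len);
}

/* Bounded: (dst, dst_len) is the wide pointer -fbounds-safety tracks.
 * Returns 0 on success, -1 where the compiler-inserted check would trap. */
int copy_payload_bounded(uint8_t *dst, size_t dst_len,
                         const uint8_t *src, size_t len) {
    if (len > dst_len) return -1;
    memcpy(dst, src, len);
    return 0;
}

/* Parse one constructed chunk laid out as [len: 1 byte][payload: len bytes].
 * Returns the payload size copied into out, or -1 if the chunk is truncated
 * or its declared length exceeds the output buffer. */
int parse_chunk(const uint8_t *chunk, size_t chunk_len,
                uint8_t *out, size_t out_len) {
    if (chunk_len < 1) return -1;
    size_t declared = chunk[0];
    if (declared > chunk_len - 1) return -1;   /* truncated input */
    if (copy_payload_bounded(out, out_len, chunk + 1, declared) != 0) return -1;
    return (int)declared;
}

/* Constructed inputs: a well-formed 3-byte payload, and a chunk that honestly
 * declares 8 present bytes, more than the 4-byte output buffer can hold. */
int demo_well_formed(void) {
    const uint8_t chunk[] = {3, 'a', 'b', 'c'};
    uint8_t out[4];
    return parse_chunk(chunk, sizeof chunk, out, sizeof out);   /* 3 */
}

int demo_oversized(void) {
    const uint8_t chunk[] = {8, 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h'};
    uint8_t out[4];
    return parse_chunk(chunk, sizeof chunk, out, sizeof out);   /* -1 */
}
```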

In the video carousel below, we show examples of the agent's decision-making process, including validation steps.

Example #1: Agent's reasoning steps

In this example, the CodeMender agent is asked to address the following -fbounds-safety error in tiny_depths:

Example #2: Agent automatically fixes compilation errors and test failures

One of the keys to CodeMender's effectiveness is its ability to automatically fix new compilation errors and any test failures caused by its changes. Here is an example of the agent doing so.

Example #3: Agent validates changes

In this example, the CodeMender agent refactors a function and uses an LLM judge tool to ensure that its functionality remains intact. When the tool finds a failure, the agent self-corrects based on the LLM judge's response.

Making software safer for everyone

While our early results with CodeMender are promising, we are taking a cautious approach, focusing on reliability. Currently, all patches generated by CodeMender are reviewed by human researchers before being submitted upstream.

Using CodeMender, we have already begun submitting patches to various critical open source libraries, many of which have been accepted and upstreamed. We are scaling this process up gradually to ensure the quality and reliability of the patches and to gather feedback from the open source community.

We will also reach out to maintainers of critical open source projects with CodeMender-generated patches. Using the feedback from this process, we hope to release CodeMender as a tool that all software developers can use to keep their codebases secure.

We will also share details of our techniques and results, and we aim to publish technical papers and reports in the coming months. With CodeMender, we have only begun to explore AI's enormous potential to improve software security for everyone.

Acknowledgements

Credits (in alphabetical order):

Alex Rebert, Arman Hasanzadeh, Carlo Lemos, Charles Sutton, Gogul Balakrishnan, Hiep Chu, James Zern, Oliver Chang and Petros Maniatis.
