The Checkmarx AppSec research team recently discovered a vulnerability in the OpenAI ChatGPT signup process that allowed “unlimited” credit on new accounts. The team disclosed this finding to the OpenAI security team and worked collaboratively to close the vulnerability.
This is significant because it could have allowed malicious actors to create unlimited accounts and use them for nefarious purposes. Luckily, the vulnerability was discovered and fixed before any damage was done.
The finding is also significant for what it demonstrates about the effectiveness of the Checkmarx research team. Checkmarx is an application security provider that offers a comprehensive, cloud-native platform known as Checkmarx One, which draws on the intelligence gathered by its AppSec research team.
Checkmarx enables enterprises to secure each phase of development for all applications while addressing the evolving needs of CISOs, security teams and development teams. In keeping with its commitment to the safety and security of its customers and the applications integral to their daily lives, Checkmarx announced its new AI Query Builders and AI Guided Remediation to help development and AppSec teams more accurately discover and remediate application vulnerabilities.
The AI Query Builder for SAST introduces a notable capability of Checkmarx SAST: the ability to adapt to different application criticalities. By leveraging AI, developers and AppSec teams can create custom SAST queries that suit their specific scanning requirements. They can fine-tune these queries, modify existing ones and incorporate new use cases, thereby expanding the scope of their static coverage.
The AI Query Builder for IaC Security changes the way developers, cloud engineers and AppSec teams handle infrastructure-as-code (IaC) security. With this new query builder, users can introduce new IaC queries without prior knowledge or expertise: by entering human-readable text that describes the search target, the AI Query Builder, powered by GPT-4, automatically generates the corresponding queries.
It is important to note that all queries are generated by GPT without accessing or sharing any user files or data. Furthermore, these queries seamlessly integrate with the existing queries in IaC Security or KICS by Checkmarx.
AI Guided Remediation provides actionable remediation guidance within integrated development environments (IDEs). This tool helps developers gain a better understanding of IaC and API misconfigurations without requiring additional resources, which means organizations can address issues in their IaC templates more swiftly, leading to reduced management overhead.
Furthermore, AI Guided Remediation promotes developer adoption of secure coding practices and enables the delivery of more secure applications at an accelerated pace.
"Checkmarx innovation is leveraging generative AI to disrupt and transform the way developers secure applications, bringing greater accuracy and guidance directly into the heart of their IDEs and processes," said Sandeep Johri, CEO at Checkmarx. "We're pushing the industry forward with new AI-driven capabilities and supporting CISOs and AppSec leaders to better support their development teams, making AppSec more effective and comprehensive as part of cloud and digital transformation."
The AI-driven features are available within the Checkmarx One Application Security Platform. This is the first in a series of planned AI-powered capabilities aimed at helping CISOs, AppSec teams and application developers deliver secure code faster.
Edited by Greg Tavarez