CyberHappenings logo
Home Browse About

Track cybersecurity events as they unfold. Sourced timelines. Filter, sort, and browse. Fast, privacy‑respecting. No invasive ads, no tracking.

AI-Assisted Vulnerability Check Development

First reported
Last updated
1 unique sources, 1 articles

Summary

Hide ▲

Intruder's security team has been experimenting with AI to speed up the development of vulnerability checks. They found that while AI can assist in creating checks faster, it still requires human oversight to ensure quality and accuracy. The team has developed a workflow that combines AI assistance with human expertise to produce reliable vulnerability checks more efficiently. The team started with simple prompts in LLM chatbots but found the results messy. They then moved to an agentic approach using Cursor's agent, which showed significant improvement. The agent was able to generate checks that were closer to those written manually, but it still required course corrections. The team's current workflow involves using a standard set of prompts and rules, with engineers providing key inputs. The agent then builds the template, freeing engineers to focus on deeper research. The AI has been particularly useful in creating checks for exposed admin panels and unsecured Elasticsearch instances. However, challenges remain, such as the agent's tendency to stray from strong matchers and truncate curl outputs.

Timeline

  1. 29.09.2025 17:01 1 articles · 6d ago

    Intruder Develops AI-Assisted Vulnerability Check Workflow

    Intruder's security team has been experimenting with AI to speed up the development of vulnerability checks. They found that while AI can assist in creating checks faster, it still requires human oversight to ensure quality and accuracy. The team has developed a workflow that combines AI assistance with human expertise to produce reliable vulnerability checks more efficiently. The team started with simple prompts in LLM chatbots but found the results messy. They then moved to an agentic approach using Cursor's agent, which showed significant improvement. The agent was able to generate checks that were closer to those written manually, but it still required course corrections. The team's current workflow involves using a standard set of prompts and rules, with engineers providing key inputs. The agent then builds the template, freeing engineers to focus on deeper research. The AI has been particularly useful in creating checks for exposed admin panels and unsecured Elasticsearch instances. However, challenges remain, such as the agent's tendency to stray from strong matchers and truncate curl outputs.

    Show sources
    Open in new tab

Information Snippets

Similar Happenings

Automation of Pentest Delivery Enhances Security Operations

Automation is transforming pentest delivery by addressing inefficiencies in traditional reporting methods. This shift enables real-time insights, faster remediation, and standardized operations. Pentesting remains crucial for identifying security weaknesses, but outdated workflows introduce delays and inefficiencies. Automation platforms like PlexTrac streamline the process by delivering findings in real time, integrating with existing tools, and standardizing remediation workflows. This approach helps security teams act on findings immediately, accelerate remediation, and reduce manual work. Organizations adopting Continuous Threat Exposure Management (CTEM) and increasing the frequency of offensive testing benefit significantly from automated delivery. It helps cut through the noise and deliver results in real time, improving handoffs and visibility across the vulnerability lifecycle. Service providers and enterprises can gain a competitive advantage by automating delivery, integrating directly into client workflows, and driving operational maturity. Additionally, automation in pentest delivery helps in reducing the mean time to remediation (MTTR). The article highlights seven key workflows for automating pentest delivery, including creating tickets for remediation, auto-closing informational findings, sending real-time alerts for critical findings, requesting proofreading of draft findings, sending alerts when findings are ready for retest, auto-assigning findings to users, and sending finding updates to client portals. These workflows help accelerate delivery, reduce friction, and build a foundation for a modern, scalable approach to penetration test delivery.

Open in new tab