CyberHappenings logo

Track cybersecurity events as they unfold. Sourced timelines, daily updates. Fast, privacy‑respecting. No ads, no tracking.

AI-Assisted Vulnerability Check Development

First reported
Last updated
1 unique sources, 1 articles

Summary

Hide ▲

Intruder's security team has been experimenting with AI to speed up the development of vulnerability checks. They found that while AI can assist in creating checks faster, it still requires human oversight to ensure quality and accuracy. The team has developed a workflow that combines AI assistance with human expertise to produce reliable vulnerability checks more efficiently. The team started with simple prompts in LLM chatbots but found the results messy. They then moved to an agentic approach using Cursor's agent, which showed significant improvement. The agent was able to generate checks that were closer to those written manually, but it still required course corrections. The team's current workflow involves using a standard set of prompts and rules, with engineers providing key inputs. The agent then builds the template, freeing engineers to focus on deeper research. The AI has been particularly useful in creating checks for exposed admin panels and unsecured Elasticsearch instances. However, challenges remain, such as the agent's tendency to stray from strong matchers and truncate curl outputs.

Timeline

  1. 29.09.2025 17:01 1 articles · 14h ago

    Intruder Develops AI-Assisted Vulnerability Check Workflow

    Intruder's security team has been experimenting with AI to speed up the development of vulnerability checks. They found that while AI can assist in creating checks faster, it still requires human oversight to ensure quality and accuracy. The team has developed a workflow that combines AI assistance with human expertise to produce reliable vulnerability checks more efficiently. The team started with simple prompts in LLM chatbots but found the results messy. They then moved to an agentic approach using Cursor's agent, which showed significant improvement. The agent was able to generate checks that were closer to those written manually, but it still required course corrections. The team's current workflow involves using a standard set of prompts and rules, with engineers providing key inputs. The agent then builds the template, freeing engineers to focus on deeper research. The AI has been particularly useful in creating checks for exposed admin panels and unsecured Elasticsearch instances. However, challenges remain, such as the agent's tendency to stray from strong matchers and truncate curl outputs.

    Show sources

Information Snippets