AI-Assisted Vulnerability Check Development
Summary
Intruder's security team has been experimenting with AI to speed up the development of vulnerability checks. They found that while AI can assist in creating checks faster, it still requires human oversight to ensure quality and accuracy. The team has developed a workflow that combines AI assistance with human expertise to produce reliable vulnerability checks more efficiently. The team started with simple prompts in LLM chatbots but found the results messy. They then moved to an agentic approach using Cursor's agent, which showed significant improvement. The agent was able to generate checks that were closer to those written manually, but it still required course corrections. The team's current workflow involves using a standard set of prompts and rules, with engineers providing key inputs. The agent then builds the template, freeing engineers to focus on deeper research. The AI has been particularly useful in creating checks for exposed admin panels and unsecured Elasticsearch instances. However, challenges remain, such as the agent's tendency to stray from strong matchers and truncate curl outputs.
Timeline
- 29.09.2025 17:01 · 1 article
Intruder Develops AI-Assisted Vulnerability Check Workflow
Sources:
- Can We Trust AI To Write Vulnerability Checks? Here's What We Found — www.bleepingcomputer.com — 29.09.2025 17:01
Information Snippets
- Intruder's security team has been experimenting with AI to speed up the development of vulnerability checks.
  First reported: 29.09.2025 17:01 (1 source, 1 article)
- Can We Trust AI To Write Vulnerability Checks? Here's What We Found — www.bleepingcomputer.com — 29.09.2025 17:01
- The team started with simple prompts in LLM chatbots but found the results messy.
  First reported: 29.09.2025 17:01 (1 source, 1 article)
- Can We Trust AI To Write Vulnerability Checks? Here's What We Found — www.bleepingcomputer.com — 29.09.2025 17:01
- The team moved to an agentic approach using Cursor's agent, which showed significant improvement.
  First reported: 29.09.2025 17:01 (1 source, 1 article)
- Can We Trust AI To Write Vulnerability Checks? Here's What We Found — www.bleepingcomputer.com — 29.09.2025 17:01
- The agent was able to generate checks that were closer to those written manually, but it still required course corrections.
  First reported: 29.09.2025 17:01 (1 source, 1 article)
- Can We Trust AI To Write Vulnerability Checks? Here's What We Found — www.bleepingcomputer.com — 29.09.2025 17:01
- The team's current workflow involves using a standard set of prompts and rules, with engineers providing key inputs.
  First reported: 29.09.2025 17:01 (1 source, 1 article)
- Can We Trust AI To Write Vulnerability Checks? Here's What We Found — www.bleepingcomputer.com — 29.09.2025 17:01
- The AI has been particularly useful in creating checks for exposed admin panels and unsecured Elasticsearch instances.
  First reported: 29.09.2025 17:01 (1 source, 1 article)
- Can We Trust AI To Write Vulnerability Checks? Here's What We Found — www.bleepingcomputer.com — 29.09.2025 17:01
- Challenges remain, such as the agent's tendency to stray from strong matchers and truncate curl outputs.
  First reported: 29.09.2025 17:01 (1 source, 1 article)
- Can We Trust AI To Write Vulnerability Checks? Here's What We Found — www.bleepingcomputer.com — 29.09.2025 17:01