“Asking for a friend” whether anyone would have a lead on how things stand with AI doing bug hunting ..?
As [hey, by sheer coincidence, exactly] three years ago I asked already. And got no serious response then. And since, there have been more talk about AI on either side of the infosec FLOT, but not much on How. Or where the FLOT is. Throw in some Adversarial Examples and there you go; arms’ races and falling behind in those…
By now, it should be easy to do such a thing; have an ML system learn what sloppy coding looks like, even when that is hiding in plain sight i.e., OK on first (syntax/compile) impressions but functionally tricky ..? A (data/input) edge case quality break-down severity tester would also help.
Then again, I suspect that some masters of invention haven’t mastered the solution, yet… As per DARPA’s request for your proposal to help solve a tangent issue; had they solved the above, they would’ve been able to translate the results to the latter.
In return, for your viewing pleasure:
[Just a pretty picture – when you’re an engineering-inclined mind; Binckhorst Den Haag Voorburg..?]