{"id":3492,"date":"2025-06-09T15:43:06","date_gmt":"2025-06-09T15:43:06","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=3492"},"modified":"2025-06-09T15:43:06","modified_gmt":"2025-06-09T15:43:06","slug":"new-ai-tool-targets-critical-hole-in-thousands-of-open-source-apps","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=3492","title":{"rendered":"New AI tool targets critical hole in thousands of open source apps"},"content":{"rendered":"<div>\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<div class=\"container\"><\/div>\n<p>Dutch and Iranian security researchers have created an automated genAI tool that can scan huge open source repositories and patch vulnerable code that could compromise applications.<\/p>\n<p>Tested by scanning GitHub for a particular path traversal vulnerability in Node.js projects that\u2019s been around since 2010, the tool identified 1,756 vulnerable projects, some described as \u201cvery influential,\u201d and led to 63 projects being patched so far.<\/p>\n<p>The tool opens the possibility for genAI platforms like ChatGPT to automatically create and distribute patches in code repositories, dramatically increasing the security of open source applications.<\/p>\n<p>But the research, described <a href=\"https:\/\/arxiv.org\/abs\/2505.20186\" target=\"_blank\" rel=\"noopener\">in a recently published paper<\/a>, also points to a serious limitation in the use of AI that will need to be fixed for this solution to be effective. 
While automated patching by a large language model (LLM) dramatically improves scalability, the patch also might introduce other bugs.<\/p>\n\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>Dutch and Iranian security researchers have created an automated genAI tool that can scan huge open source repositories and patch vulnerable code that could compromise applications. Tested by scanning GitHub for a particular path traversal vulnerability in Node.js projects that\u2019s been around since 2010, the tool identified 1,756 vulnerable projects, some described as \u201cvery influential,\u201d [&hellip;]<\/p>\n","protected":false},"author":0,"featured_media":3493,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-3492","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/3492"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3492"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/3492\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/3493"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3492"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=3492"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=3492"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}