AI models get slammed for producing sloppy bug reports and burdening open source maintainers with hallucinated issues, but they also have the potential to transform application security through automation.

Computer scientists affiliated with Nanjing University in China and The University of Sydney in Australia say that they've developed an AI vulnerability identification system that emulates the way human bug hunters ferret out flaws.

Ziyue Wang (Nanjing) and Liyi Zhou (Sydney) have expanded upon prior work dubbed A1, an AI agent that can develop exploits for cryptocurrency smart contracts, with A2, an AI agent capable of vulnerability discovery and validation in Android apps.

They describe A2 in a preprint paper titled "Agentic Discovery and Validation of Android App Vulnerabilities."
