Spark Uncovers Vulnerability in WolfSSL During Beta Testing
Bonn, Germany — January 9, 2025 — Code Intelligence, the pioneer in AI-automated software testing, today announced the launch of Spark, the first AI test agent that autonomously identifies bugs and vulnerabilities in unknown code without human interaction. It’s the first AI Agent to find a real-world vulnerability by automatically generating and running a test for a widely used open-source software.
Spark is designed to fully automate software testing, from identifying bugs early in the development process to their actual remediation, drastically lowering the entry barrier to advanced security testing technologies like white-box fuzz testing. When testing software, for a codebase with 100,000 lines of code, it saves up to 1,000 hours of manual effort.
During its final beta testing, Spark uncovered a vulnerability in WolfSSL, an open-source cryptography library widely used in developing embedded devices and IoT systems. The only human involvement was launching a single command to run the AI Test Agent; analyzing the code, generating a relevant test case, and running it was done autonomously. The vulnerability, a heap-based use-after-free, could lead to unexpected behavior, crashes, or security exploits. The WolfSSL team resolved the issue immediately and released a new version with the fix in late December 2024.
“The uncovered real-world vulnerability proves that AI can effectively take over manual tasks in software testing, such as analyzing code, identifying the most likely attack vectors, generating and running tests, and can thereby yield great results,” said Eric Brueggemann, CEO of Code Intelligence. “Next, we will focus on going even further by also automatically fixing any uncovered bugs. This means the entire software testing process - from creating tests to bug remediation - will be completed in minutes without human interaction. However, humans will continue to make the final decisions. We will provide automatically generated pull requests with a proven fix for identified vulnerabilities directly in the CI/CD pipeline.”
“We were truly impressed by the abilities of Spark to enhance our fuzz testing workflows,” says Andreas Lackner, Senior Software Development Engineer at Vector Informatik. “By reducing the manual effort for creating and integrating fuzz tests, we are able to bring our cycle time down and further improve the quality of our embedded software.”
Code Intelligence will host an official launch event for its AI Test Agent on January 28, which will gather security and software development experts from companies like Continental and Mozilla. Register here for free.
About Code Intelligence
Founded in 2018 in Germany, Code Intelligence automates software security testing with AI and lowers barriers to secure code. The company’s products analyze code dynamically, stress-test every reachable line of code, and pinpoint exactly where bugs and vulnerabilities are hidden. Code Intelligence’s mission is to fully automate the detection and remediation of vulnerabilities, leveraging AI. Code Intelligence is trusted by Google, Continental, Woven by Toyota, Volkswagen’s CARIAD, and Deutsche Telekom, among others.
Media contact: https://www.code-intelligence.com/contact