
Checkmarx + Vulcan Cyber: Enabling Customers to Mitigate AI Vulnerabilities


November 21, 2023

The impact of cyber-attacks on the global economy is predicted to reach $10.5 trillion by 2025. One area where threats and vulnerabilities persist is the software development process, with AI risk now a growing concern.

Finding and fixing vulnerabilities is crucial, but traditional approaches often relegate security measures to the final stages of the software development lifecycle (SDLC). A proactive approach to vulnerability management and remediation is not just a nice-to-have but a requirement for protecting your SDLC. By prioritizing vulnerability management earlier in the software development lifecycle (shifting left), the practice of identifying, classifying, prioritizing, remediating, and mitigating software vulnerabilities allows organizations to stay one step ahead.

Vulnerability and risk management is an important part of the AppSec and developer toolkit, which is one of the reasons that Checkmarx partnered with Vulcan Cyber.

First to Market

Vulcan Cyber developed one of the first cyber risk management platforms, built to help organizations reduce vulnerabilities and risk. The platform correlates, prioritizes, and manages vulnerability risk across all attack surfaces. It consolidates all vulnerability and risk data, correlating and de-duplicating scan results. It orchestrates risk mitigation workflows, delivers risk remediation intelligence, and enables developers and AppSec professionals to customize their risk compliance threshold and actively measure, track, and report risk reduction.

How it Works

While we have been partners with Vulcan Cyber for some time, we are pleased to announce a new integration with our Checkmarx One™ platform. This means that Vulcan Cyber is now integrated with our traditional Checkmarx SAST on-prem solution as well as with Checkmarx One™ SAST, SCA, and IaC.

Checkmarx One is an application security platform used for scanning, prioritizing, and addressing security vulnerabilities in an organization’s applications, projects, or source code. Vulcan customers can bring vulnerability data from Checkmarx One into Vulcan Cyber to manage their application security and construct a more comprehensive view of their attack surface, thus strengthening their cybersecurity posture.

The Checkmarx One Vulcan Connector integrates with the Checkmarx One platform to pull code project assets and vulnerability data and ingest them into the Vulcan platform. Once the integration is complete, the Vulcan platform processes the report findings to correlate, consolidate, and contextualize the ingested data so that it informs risk and remediation priorities.

Plenty of Synergies with Vulcan Cyber

Checkmarx and Vulcan both have a pedigree in leading threat intelligence teams and first-party research into active threat actors. In fact, the Vulcan research team, Voyager18, and Checkmarx collaborated around our GenAI capabilities, including the CheckAI plugin for ChatGPT. This industry-first AI AppSec plugin enables developers to scan generated code within the ChatGPT interface, provides remediation guidance, and protects against malicious open-source packages targeting GenAI-generated code.

Identifying AI Hallucinations

In particular, working with the Vulcan Cyber research team, we can collaborate to identify AI hallucinations, which occur when ChatGPT provides users with inaccurate information. We are now seeing such hallucinations being weaponized by hackers.

Attackers ask ChatGPT for coding help with common tasks. ChatGPT might provide a package recommendation that either doesn't exist or isn't published yet; in other words, a hallucination. The attackers then create a malicious version of that recommended package and publish it, so that when a developer asks ChatGPT for help with the same problem, a package with a malicious payload is waiting. Our CheckAI Plugin enables developers and security teams to protect against these attacks caused by malicious open-source packages and dependencies while working within the ChatGPT interface.
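The defensive check implied by the paragraph above, as an added example that is not part of this post and not the code of the CheckAI plugin: before installing anything an assistant recommends, extract the package names from the suggested `pip install` lines, normalize them the way the Python package index does, and compare them against registry metadata. A name that does not exist is a likely hallucination; one that exists but was first published days ago with almost no downloads is the profile a squatted hallucination would have. The registry snapshot, the sample assistant answer, and the age and download thresholds are all constructed for the example (a real check would query the index's metadata API and cache the result).

```python
"""Vet AI-suggested Python dependencies for hallucinated or freshly squatted names."""
import re
from dataclasses import dataclass
from datetime import date

# Constructed registry snapshot (assumption: in practice fetched from the package
# index's metadata API). Names, dates, and download counts are made up.
REGISTRY_SNAPSHOT = {
    "requests": {"first_release": date(2011, 2, 14), "downloads_30d": 250_000_000},
    "pydantic": {"first_release": date(2017, 5, 3), "downloads_30d": 90_000_000},
    # Looks like a name an assistant might invent; published 11 days before TODAY.
    "fastjsonschemaz": {"first_release": date(2023, 11, 10), "downloads_30d": 43},
}

TODAY = date(2023, 11, 21)  # fixed so the example is deterministic

# Constructed assistant answer containing install instructions to be vetted.
SAMPLE_ANSWER = """To validate the schema you can use the fastjsonschemaz helper:

$ pip install requests fastjsonschemaz==0.1.0
$ pip install --upgrade does_not_exist.helper
"""

PIP_INSTALL_RE = re.compile(r"^\s*(?:\$\s*)?pip3?\s+install\s+(.+)$", re.MULTILINE)


@dataclass
class Verdict:
    package: str
    status: str  # "ok", "missing", or "suspicious"
    reason: str


def normalize(name: str) -> str:
    """PEP 503 name normalization: case-insensitive, runs of -_. collapse to '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def extract_packages(answer: str) -> list[str]:
    """Pull normalized package names out of every 'pip install ...' line."""
    found = []
    for match in PIP_INSTALL_RE.finditer(answer):
        for token in match.group(1).split():
            if token.startswith("-"):  # skip pip flags such as --upgrade
                continue
            # Strip extras and version specifiers: "foo[bar]>=1.0" -> "foo"
            base = re.split(r"[\[<>=!~;@]", token, maxsplit=1)[0]
            if base:
                found.append(normalize(base))
    return found


def vet_package(name, snapshot=REGISTRY_SNAPSHOT, today=TODAY,
                min_age_days=90, min_downloads=1000) -> Verdict:
    """Classify one suggested package against the registry snapshot."""
    key = normalize(name)
    meta = snapshot.get(key)
    if meta is None:
        return Verdict(key, "missing",
                       "not found in registry: possible hallucination, do not install")
    age_days = (today - meta["first_release"]).days
    if age_days < min_age_days or meta["downloads_30d"] < min_downloads:
        return Verdict(key, "suspicious",
                       f"first released {age_days} days ago with "
                       f"{meta['downloads_30d']} downloads/30d: review before use")
    return Verdict(key, "ok", f"established package, {age_days} days old")


def vet_suggestions(names, snapshot=REGISTRY_SNAPSHOT, today=TODAY) -> list[Verdict]:
    """Vet every name in order; the caller decides how to act on each status."""
    return [vet_package(n, snapshot, today) for n in names]


if __name__ == "__main__":
    for verdict in vet_suggestions(extract_packages(SAMPLE_ANSWER)):
        print(f"{verdict.status:<10} {verdict.package:<25} {verdict.reason}")
```

The thresholds are deliberately crude; the point is that a "missing" verdict is a hard stop (there is nothing legitimate to install) while "suspicious" routes the name to human review, which is where a squatted package that appeared after the hallucination was first observed would be caught.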

Getting Started

Together, we are working to dramatically improve the end-to-end developer experience, while also continuing to expand the AI-driven security capabilities of our CheckAI Plug-in by augmenting it with the research of the Vulcan Cyber AI research team.

For more information get in touch with your Checkmarx account rep or contact us today.