The IT Nerd

Vicarius, developers of the industry’s first fully autonomous end-to-end vulnerability remediation platform, today announced the launch of vuln_GPT, the world’s first Large Language Model (LLM) model trained to generate remediation scripts for software vulnerabilities in the race to find and fix vulnerabilities faster than hackers. The vuln_GPT engine will be freely offered within vsociety, Vicarius’ social community for security researchers. vuln_GPT scripts can then easily be deployed as part of its vRx solution that allows instant remediation of vulnerabilities.

n the ever-evolving digital landscape, there are currently 200,000 vulnerabilities detected in total, with ten percent (10%) discovered in the last year and increasing at an exponential pace. Manually identifying and handling zero-days is a heavy burden, requiring significant daily manpower. In the recent MOVEit vulnerability example, almost 60 days after identifying the first vulnerability, a quarter of the affected organizations still remain vulnerable. The advent of the latest AI-driven cyber threats, such as WormGPT, make it even harder to detect and block these threats.

When it comes to vulnerability management solutions, legacy vendors lean heavily on the assessment and detection side of the house, but have failed to pay appropriate attention to the remediation aspect. Remediation is already a complex process, and security teams remain cautious when applying vendor patches in fear of causing outages or downtime to their systems. Even if a patch is available, they will often undergo a waiting period in order to minimize any potential risk.

Enter vuln_GPT. This new AI-powered remediation engine can automatically generate a remediation script to execute a number of actions. For example, scripts can remove a file, close a port, disable a protocol, or initiate a compensating control. These are all strategies that can provide a sturdy and reliable fix while vendors work on releasing a patch or while security teams test one in a lab environment. Further, because vuln_GPT works without human intervention, it also makes vulnerability detection and remediation faster and more cost effective, without the need for large research teams or highly skilled security engineers, saving time and money.

Recently, there were critical zero-day vulnerabilities discovered in Terrestrial Trunked Radio (TETRA), a radio communications protocol widely used by government, law enforcement and military organizations worldwide. While some of the vulnerabilities can be fixed through firmware updates, others can’t and are more difficult to mitigate, in particular a backdoor in CVE-2022-24402 that can expose sensitive information. Using vuln_GPT, Vicarius takes the manual work out of identifying and applying the most effective compensating controls.

With vuln_GPT, Vicarius ushers in the era of AI-generated scripts to mitigate CVEs and helps to significantly close the gap between detection and remediation. MTTD (mean time to detect) remains a prominent issue for IT teams, but MTTR presents an even bigger challenge, since most teams are not well equipped to fix vulnerabilities quickly.

vuln_GPT enables security teams to quickly fix critical issues, significantly decrease their time to react, cut down the costly aftermath of an incident, and reduce MTTD and MTTR. Vicarius believes the timing is right to help solve the skills gap, particularly when in-house research teams are short staffed and under-resourced.