UPDATED 16:27 EDT / MAY 15 2023

SECURITY

As container complexity implodes and security vulnerabilities flare up, can AI save the day?

Since the advent of artificial intelligence, the technology has found several uses across various industries: analyzing and managing data, generating text and images and even automating security.

Slim.AI Inc. uses AI to identify and eliminate vulnerabilities in software supply chain containers, an area where security has historically proven difficult to implement.

“2022 marked a turning point when it comes to software supply chain security in the aftermath of multiple security incidents,” said Ayse Kaya (pictured), senior director of strategic insights and analytics at Slim.AI. “We have seen this at Slim.AI, because we are scanning all these containers on a regular basis. In 2022, there was this industry-wide renewed sense of awareness, and we have seen a lot of effort being put into vulnerability detection and remediation.”

Kaya spoke with theCUBE industry analysts John Furrier and Rob Strechay at Open Source Summit NA, during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed how containers have evolved in complexity, how this complexity has led to increased vulnerabilities and how AI can solve these security issues.

Complexity raises concerns

Containers have become increasingly complex over the years, opening up more opportunities for cyberattacks. The number of components, packages, licenses and spatial permissions, and even the size of containers and their metadata, have increased significantly in the past 12 months.

“These repair rupture cycles are very slow in terms of, for example, when we detect the common vulnerabilities and exposures in top publicly available containers, the likelihood that CVE results in the next 180 days is less than 20%,” Kaya said. “This is without AI-generated code … we do not seem to be coping with the challenges, and we are definitely not ahead of the curve.”

One of the biggest issues facing tech leaders and security experts is the huge influx of new code being introduced into the digital infrastructure, all generated by AI programs such as ChatGPT. At the same time, AI makes it possible to automate security research, “finding the needle in the haystack” much faster than was previously possible.

“There is this dual nature to AI. So we will be seeing a ton of new code we will probably be detecting especially as these systems get smarter,” Kaya said. “Yesterday we talked about AI trying to understand itself. Like OpenAI was saying that GPT-4 is being used to understand GPT-2. So, there’s that recursive self-improvement cycle.”

The conversation ended with the group discussing the future of AI and how it will affect open source. While AI is rapidly developing to the point of complete unpredictability, Kaya is optimistic that the technology will open more opportunities in the future.

“What is happening is basically a user-interface revolution. The technology was here, but right now the users are enabled like nothing before. And I believe in humanity,” Kaya said. “I think we will do the right thing. We will take advantage of this. It’s more of a question of, are we ready? Are companies thinking about this properly? Are individuals thinking about this properly, because there are a lot of opportunities here.”
