As container complexity explodes and security vulnerabilities flare up, can AI save the day?
Since the advent of artificial intelligence, the technology has found several uses across various industries: analyzing and managing data, generating text and images and even automating security.
Slim.AI Inc. harnesses the technology to identify and eliminate vulnerabilities in software supply chain containers, an area where security has historically proven difficult to implement.
“2022 marked a turning point when it comes to software supply chain security in the aftermath of multiple security incidents,” said Ayse Kaya, senior director of strategic insights and analytics at Slim.AI. “We have seen this at Slim.AI, because we are scanning all these containers on a regular basis. In 2022, there was this industry-wide renewed sense of awareness, and we have seen a lot of effort being put into vulnerability detection and remediation.”
Kaya spoke with theCUBE industry analysts John Furrier and Rob Strechay at Open Source Summit NA, during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed how containers have evolved in complexity, how this complexity has led to increased vulnerabilities and how AI can solve these security issues.
Complexity raises concerns
Containers have become increasingly complex over the years, opening dramatically more opportunities for cyberattacks. The number of components, packages, licenses and special permissions, and even the size of containers and their metadata, have increased significantly in the past 12 months.
“These repair rupture cycles are very slow in terms of, for example, when we detect the common vulnerabilities and exposures in top publicly available containers, the likelihood that CVE results in the next 180 days is less than 20%,” Kaya said. “This is without AI-generated code … we do not seem to be coping with the challenges, and we are definitely not ahead of the curve.”
One of the biggest issues facing tech leaders and security experts is the huge influx of new code being introduced into the digital infrastructure, all generated by AI programs such as ChatGPT. Luckily, however, AI also makes it possible to automate security research, “finding the needle in the haystack” much faster than was possible before.
“There is this dual nature to AI. So we will be seeing a ton of new code we will probably be detecting especially as these systems get smarter,” Kaya said. “Yesterday we talked about AI trying to understand itself. Like OpenAI was saying that GPT-4 is being used to understand GPT-2. So, there’s that recursive self-improvement cycle.”
The conversation ended with the group discussing the future of AI and how it will affect open source. While AI is rapidly developing to the point of complete unpredictability, Kaya is optimistic that the technology will open more opportunities in the future.
“What is happening is basically a user-interface revolution. The technology was here, but right now the users are enabled like nothing before. And I believe in humanity,” Kaya said. “I think we will do the right thing. We will take advantage of this. It’s more of a question of, are we ready? Are companies thinking about this properly? Are individuals thinking about this properly, because there are a lot of opportunities here.”