Electronic design automation company Synopsys Inc. today announced the launch of a new artificial intelligence-powered application security assistant that provides AI-augmented vulnerability summaries and code fixes.

Called Polaris Assist and offered as part of the Synopsys Polaris Software Integrity Platform, the new AI assistant combines large language model technology with Synopsys’ application security knowledge and intelligence. It provides security and development teams with easily understood summaries of detected vulnerabilities, AI-generated code fix recommendations and other insights to help build secure software faster.

At its launch, the new service provides two new AI-enabled capabilities. The first, Polaris AI Issue Summaries, is designed to make it easier for developers to interpret and act on static analysis results, with AI used to generate concise and actional summaries of coding weaknesses and vulnerabilities. The summaries also include the potential risks of each vulnerability and contextual guidance on how to remediate the code at hand.

The second capability, Polaris AI Fix Suggestions, helps developers reduce the time required to remediate security vulnerabilities by recommending AI-generated code fixes that can be easily reviewed, applied and adapted directly into their code.

“Polaris Assist boosts security and developer productivity, allowing them to more easily understand and remediate security vulnerabilities in their code,” explained Jason Schmitt, general manager of the Synopsys Software Integrity Group. “Our goal with Polaris Assist is to automate repetitive or time-consuming AppSec activities so our customers can spend less time dealing with security issues and more time innovating.”

Schmitt added that the “AI-powered vulnerability summaries and code fix suggestions are compelling use cases that address real pain points many organizations are feeling today, but they also validate the immense opportunity generative AI presents for the field of application security moving forward.”

Synopsys was last in the news on April 9 when it announced the availability of Black Duck Supply Chain Edition, a software composition analysis offering that allows organizations to mitigate upstream risks in supply chain attacks. The service is designed to enable development and security teams to track dependencies across the entire application lifecycle to identify and resolve security vulnerabilities, malicious packages and license violations and conflicts.

Photo: Wikimedia Commons