Code Intelligence has started 2025 with a bang and captured the interest of the cybersecurity community by announcing ‘Spark,’ their new AI Test Agent, ahead of a launch party later this month.
Influential AI-automated software testing company Code Intelligence has identified Spark as the first AI test agent to autonomously identify bugs and vulnerabilities in unknown code without human interaction. It becomes the first AI Agent able to locate real-world vulnerabilities by automatically generating and running a test for widely used open-source software.
Information Security Fuzz
The proof that Spark could perform such a feat was discovered during the Fuzz Testing that it was undertaking. Spark discovered a heap-based use-after-free vulnerability in wolfSSL, a vulnerability that could cause random behavior, crashes, or even security exploits. Code Intelligence contacted the team at wolfSSL, and the problem was fixed.
Remarkably, the only human involvement in the process was launching a single command to run the AI Test Agent; analyzing the code, generating a relevant test case, and running it were all done autonomously. Code Intelligence believes that Spark could drastically lower the entry barrier to advanced security testing technologies, estimating a potential saving of up to 1,000 hours of manual effort on average when testing a codebase with 100,000 lines of code.
Focused on Going Further
Code Intelligence CEO, Dr Eric Brueggemann, asserts that the identified real-world vulnerability demonstrates that AI can successfully take over manual tasks in software testing. He gave some examples of tasks where this could be achieved, including code analysis, identifying attack vectors, and the generation and execution of tests.
Dr Brueggemann believes that this discovery is just the starting point for Code Intelligence. “Next, we will focus on going even further by also automatically fixing any uncovered bugs. This means the entire software testing process – from creating tests to bug remediation – will be completed in minutes without human interaction. However, humans will continue to make the final decisions. We will provide automatically generated pull requests with a proven fix for identified vulnerabilities directly in the CI/CD pipeline.”
Industry Excitement
Andreas Lackner, Senior Software Development Engineer at Vector Informatik, welcomes the developments made by Code Intelligence. He admitted that his organization was “truly impressed by the abilities of Spark to enhance our fuzz testing workflows.” He went on to explain how, due to Spark, the quality of their embedded software had increased while the time spent creating and integrating Fuzz Tests manually had decreased.
Catching Fire
This new development undoubtedly marks a significant advancement in AI technology. In his recent Buzz article, The AI Conundrum in Security: Why the Future Belongs to the Bold, Mike Wiacek asked readers to “think of AI as a new type of weapon in an ongoing arms race.” He identified how “the danger is not in AI itself, but in failing to wield it.” In summarising modern approaches to AI adaption and implementation, he believes that “the organizations that survive and thrive in the age of AI are the ones that embrace not just the technology but the mindset of continuous adaptation.”
Fuzzing is a technique often used by malicious hackers to find software vulnerabilities. If the deployment of Spark can more effectively automate and combat this threat, and free up valuable time for security teams to work on combatting other emerging threats, it should be welcomed.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.