XBOW AI matched human penetration testers in a recent experiment, completing benchmarks in just 1.1% of the time taken by experts, according to CEO Oege de Moor.
In a recent experiment, an AI-powered automated security testing system reportedly matched the performance of top cybersecurity specialists, completing the same number of penetration-testing “benchmarks” in less than 1.1% of the time its human counterparts took.
On Aug. 5, XBOW founder and CEO Oege de Moor published the results of an experiment comparing XBOW AI’s penetration testing capabilities with those of professional human penetration testers, or “pentesters.”
A penetration test is an authorized, simulated cyberattack on a computer system, conducted to assess the system’s security.
XBOW developed 104 innovative benchmarks, the term used for realistic security scenarios. The benchmarks cover a variety of vulnerabilities and are intended not to be solvable through web searches.
Five professional human pentesters from prominent cybersecurity firms were given 40 hours to solve them.
Federico Muttis, the primary pentester, solved the same number as the AI system. Whereas Muttis took 40 hours, XBOW completed the tasks in 28 minutes.
“I just learned that XBOW got as many solves as I did. I am shocked. I expected it would not be able to solve some of the challenges I tackled at all,” said Muttis.
A pentester is a cybersecurity professional who specializes in testing the security of computer systems, networks, and web applications.
Pentesters are typically white hat or “ethical” hackers who employ the same tools and techniques as malicious hackers, but for defensive purposes.
The AI has an advantage over its human counterparts in that it can operate continuously during software development, whereas human pentesting is performed infrequently.
De Moor explained that the methodology “guarantees that vulnerabilities are identified and resolved during the system’s development phase, prior to the opportunity for malicious actors to exploit them.”
According to numerous security experts, the crypto industry, which has already suffered over $1.4 billion in breaches this year, could benefit significantly from advancements in AI-powered security testing.
Kang Li, the Chief Security Officer of CertiK, told Cointelegraph Magazine that continuous AI-driven security testing for crypto exchanges, wallets, and blockchain platforms could facilitate the auditing of smart contracts and other crypto security systems.