The introduction of AI has shaken the IT industry and while it is used also as a great marketing strategy for companies, the benefits AI can offer are unquestionably advantageous. With this post, I want to share how TEQNIX utilizes AI.
As an automation platform where hundreds of scripts and tools run simultaneously and in sequence, the volume of data generated is considerable. TEQNIX has integrated AI into the processing of some of these tools' outputs, specifically to ensure that all essential data is extracted. Let's explore this with examples and also address the privacy aspect.
Use Case
When testing or fuzzing a web application, the web server replies with various responses. Due to the variety of web applications and frameworks, it's challenging to program a tool that analyses and understands each unique response.
Just to make things more complicated, not everyone adheres to standards, and each application could have different integrations, making hacking a more intriguing yet challenging exercise. With this in mind, programming a web fuzzer that thoroughly understands the output is challenging. Even with AI, there's not a perfect solution, but it significantly helps.
AI to the Rescue
When fuzzing the application, the goal is to create unexpected behaviors or errors. However, these behaviors and errors must be studied to find weaknesses in the logic or code. In TEQNIX, the primary use of AI is as a parser to extract information based on specific criteria.
The Language Model (LLM) used by the AI can be 'fine-tuned', making it a great tool for the job. Fine-tuning ensures that for a specific TEQNIX tool, the output is parsed in a specific way and data is extracted. For example, if while testing a web search or a product details page, we encounter an error, we want to thoroughly analyze its cause. Any database-related error could become a serious vulnerability. With the use of LLM, it's easier to extract information or flag a behavior, and this is how TEQNIX utilizes it.
I found that fine-tuning the AI based on the application also reduce noise (false-positives). This is still experimental but the idea is to create a model for the application based on some initial parsing (spidering the website). Creating the model will take into account the standard behaviour of the application, this is from the initial parsing phase, and also the context of the application we have in front of us. Finally, the fuzzer is executed. The fuzzer's results are then analysed with the AI tool and used to identify or confirm the existence of vulnerabilities and obviously for the next testing phase.
The Privacy aspect
Everything we ask AI to do is recorded and used to train the LLM model itself. Thus, it's crucial that Personally Identifiable Information (PII) is not shared in our queries. Additionally, LLM models are subject to vulnerabilities. It's been found possible to hack the AI to disclose information belonging to other users. With the broader use of AI and LLM, I believe this issue may repeat itself.
In TEQNIX, when a query is made, the domain information is masked with dummy data. Furthermore, most queries do not include user information because there's no need for TEQNIX to share this data to accomplish its task. If you have concerns or want to know more about what is shared and with whom, please feel free to reach out.
The Future
In the future, more tools will be integrated with AI. Due to the speed of execution and the ability to process data faster and with more accuracy, albeit not perfect, it improves data analysis with significantly less code writing.
If you have experience fine-tuning LLM models and want to help create the next-gen pentesting tool, reach out!
