Using ML filters to help automated vulnerability repairs: when it helps and when it doesn't

Using ML filters to help automated vulnerability repairs: when it helps and when it doesn't Authors: Maria Camporese, University of Trento (Italy) Fabio Massacci, University of Trento (Italy), Vrije Universiteit Amsterdam (The Netherlands)This work has been partly supported by the European Union (EU) under Horizon Europe grant n . This paper reflects only the author's view and the funders are not responsible for any use that may be made of the information contained therein. As artificial intelligence (AI) becomes omnipresent, even integrated within secure software development, the safety of digital infrastructures requires new technologies and new methodologies, as highlighted in the EU Strategic Plan 2021-2024. To achieve this goal, the EU-funded Sec4AI4Sec project will develop advanced security-by-design testing and assurance techniques tailored for AI-augmented systems. These systems can democratise security expertise, enabling intelligent, automated secure coding and testing while simultaneously lowering development costs and improving software quality. However, they also introduce unique security challenges, particularly concerning fairness and explainability. Sec4AI4Sec is at the forefront of the move to tackle these challenges with a comprehensive approach, embodying the vision of better security for AI and better AI for security. Hybrid Explainable Workflows for Security and Threat Intelligence (HEWSTI) In research into threats to safety and security, people and AI collaborate to obtain actionable intelligence.