 security testing


Amazon Is Using Specialized AI Agents for Deep Bug Hunting

WIRED

Born out of an internal hackathon, Amazon's Autonomous Threat Analysis system uses a variety of specialized AI agents to detect weaknesses and propose fixes to the company's platforms. As generative AI pushes the speed of software development, it is also enhancing the ability of digital attackers to carry out financially motivated or state-backed hacks. This means that security teams at tech companies have more code than ever to review while dealing with even more pressure from bad actors. On Monday, Amazon will publish details for the first time of an internal system known as Autonomous Threat Analysis (ATA), which the company has been using to help its security teams proactively identify weaknesses in its platforms, perform variant analysis to quickly search for other, similar flaws, and then develop remediations and detection capabilities to plug holes before attackers find them. ATA was born out of an internal Amazon hackathon in August 2024, and security team members say that it has grown into a crucial tool since then.


Automated Vulnerability Detection Using Deep Learning Technique

Yang, Guan-Yan, Ko, Yi-Heng, Wang, Farn, Yeh, Kuo-Hui, Chang, Haw-Shiang, Chen, Hsueh-Yi

arXiv.org Artificial Intelligence

Our work explores the utilization of deep learning, specifically leveraging the CodeBERT model, to enhance code security testing for Python applications by detecting SQL injection vulnerabilities. Unlike traditional security testing methods that may be slow and error-prone, our approach transforms source code into vector representations and trains a Long Short-Term Memory (LSTM) model to identify vulnerable patterns. When compared with existing static application security testing (SAST) tools, our model displays superior performance, achieving higher precision, recall, and F1-score. The study demonstrates that deep learning techniques, particularly with CodeBERT's advanced contextual understanding, can significantly improve vulnerability detection, presenting a scalable methodology applicable to various programming languages and vulnerability types.


Predicting Likely-Vulnerable Code Changes: Machine Learning-based Vulnerability Protections for Android Open Source Project

Yim, Keun Soo

arXiv.org Artificial Intelligence

This paper presents a framework that selectively triggers security reviews for incoming source code changes. Functioning as a review bot within a code review service, the framework can automatically request additional security reviews at pre-submit time before the code changes are submitted to a source code repository. Because performing such secure code reviews adds cost, the framework employs a classifier trained to identify code changes with a high likelihood of vulnerabilities. The online classifier leverages various types of input features to analyze the review patterns, track the software engineering process, and mine specific text patterns within given code changes. The classifier and its features are meticulously chosen and optimized using data from the submitted code changes and reported vulnerabilities in the Android Open Source Project (AOSP). The evaluation results demonstrate that our Vulnerability Prevention (VP) framework identifies approximately 80% of the vulnerability-inducing code changes in the dataset with a precision ratio of around 98% and a false positive rate of around 1.7%. We discuss the implications of deploying the VP framework in multi-project settings and future directions for Android security research. This paper explores and validates our approach to code change-granularity vulnerability prediction, offering a preventive technique for software security by preemptively detecting vulnerable code changes before submission.


Chatbot Security in the Age of AI

#artificialintelligence

With each passing year, contact centers experience more of the benefits of artificial intelligence. This technology -- once only a distant idea portrayed with wonder and fear in science fiction -- is now a key part of how businesses and customers interact. According to survey data from Call Centre Helper, customer satisfaction is the number one factor driving more brands to adopt artificial intelligence (AI) as a part of their customer service models. AI's ability to enable self-service and handle more calls more efficiently will prove critical for contact center success going forward. Not only that, but many contact center leaders find that its capacity for data collection and live interaction analytics presents game-changing possibilities for customer experience (CX).[1]


How is AI Revolutionizing Software Test Automation?

#artificialintelligence

The market for software testing gradually shifted from manual testing at first to semi-automation and then to tool-based automation testing. In recent years, there has been an increase in demand for codeless automation, automation employing bots that use AI and ML technologies, and in particular, AI-based software test automation. The use of cutting-edge technologies like AI, Machine Learning (ML), and Deep Learning (DL) to test software efficiently is known as AI-based software testing. To automate and enhance the testing process, AI and ML use reasoning and problem-solving methods. By utilising tools that leverage data and algorithms to develop and execute the tests without any human participation, AI-based testing can be carried out successfully.


Could AI Security Prevent Hacks?

#artificialintelligence

Las Vegas hacking event, the Cyber Grand Challenge was the ultimate, and only, all-machine hacking competition. Each machine identified software vulnerabilities, exploited them and patched their own systems to protect against threats -- all without a human programmer intervening. This article explains the role of automation in IT security and how it could address the skills shortage. We've all heard of the wider IT skills shortage, but the lack of security skills in the industry is even more critical. According to a report by the Life and Times of Cybersecurity Professionals, IT workers that have specialist cyber security skills are approached with a new job offer at least once a week.


The impact of ML and AI in security testing - JAXenter

#artificialintelligence

Artificial Intelligence (AI) has come a long way from just being a dream to becoming an integral part of our lives. From self-driving cars to smart assistants including Alexa, every industry vertical is leveraging the capabilities of AI. The software testing industry is also leveraging AI to enhance security testing efforts while automating human testing efforts. AI and ML-based security testing efforts are helping test engineers to save a lot of time while ensuring the delivery of robust security solutions for apps and enterprises. During security testing, it is essential to gather as much information as you can to increase the odds of your success.


World Quality Report 2019-2020: Quality drives business growth - TechBeacon

#artificialintelligence

In the newly released World Quality Report 2019-20, IT executives said that the primary objective of QA and testing in their organizations is to grow the business and improve business outcomes, beating out last year's top priority of end-user satisfaction. However, a lack of alignment between business goals and quality ambitions is impeding the rate of agile and DevOps adoption. While automation rates are rising, many obstacles to achieving higher automation levels remain. Meanwhile, the move to security test automation has already borne results, reducing overall application security risk, respondents said. Those are just a few of the takeaways from this year's report.


Pumping the Brakes on Artificial Intelligence

#artificialintelligence

While the push-pull between defenders and attackers using artificial intelligence continues, there's another security dimension to machine intelligence that should be of concern. Just as the rise of IoT devices has created an inadvertent new threat surface ripe for introducing vulnerabilities, some say that AI developers are rushing their wares to market without building in appropriate security controls. While we are not talking about AI doomsday predictions for humanity from the likes of Elon Musk, there are a number of experts urging promoters of AI to pump the brakes when it comes to cybersecurity. "In traditional engineering, safety is built in upfront – but in software applications, security is all too often brought in from the rear," said Mark Testoni, CEO of SAP's NS2 national security division. "Developers are instead thinking about consumer convenience or running an enterprise. Most businesses will try to create more convenience for customers and employees, which means more connections and IoT devices, and using tools like AI."