OX-GPT plugin promises natural-language security analysis for application security teams.

Wired brain illustration - next step to artificial intelligence

OX Security, an application security vendor, now has a plugin for ChatGPT, allowing users to leverage the power of the headline-making generative AI assistant to protect the software supply chain, generate personalized security recommendations and remedy security issues quickly.

The Israel-based company, in a press release issued yesterday, said that generative AI has already altered the security landscape, and not for the better. AI models, according to OX, have been used to seek out new vulnerabilities and draft phishing messages, among other things.

ChatGPT integration provides context for developers

The plugin for ChatGPT, the generative artificial intelligence developed by OpenAI, is designed to level the playing field by allowing security teams to get code fixes, security recommendations and identify issues rapidly. “ChatGPT integration provides developers with contexts for the specific issues they are facing, including how the code in question could be exploited by hackers, the possible impact of such an attack and potential damage to the organization,” OX said in its statement. “It then provides them with control over security and enables faster and easier remediation with cut-and-paste code crafted to secure and fix the specific issue, along with an explanation of why the fix works.”

OX-GPT, as the company calls the plugin, works by linking OX’s OSC&R framework to ChatGPT’s learning model, letting the AI use the intelligence provided through anonymized data in a MITRE-like framework, a company spokesperson said.

AI could make vulnerabilities easier to understand

It’s a combination likely to be helpful to security teams, mostly in the sense that it makes the task of understanding code vulnerabilities much easier, according to Avivah Litan, a distinguished VP analyst with Gartner Research. “It just speeds up this process since developers can just talk to ChatGPT using English or other supported languages and the GPT engine can use its vast knowledge to quickly identify vulnerabilities and guide developers through required remediation actions, as applicable,” she said.

However, Litan warned, OX-GPT is unlikely to be a panacea for application security. For one thing, she said, humans are still needed in the loop every step of the way. For another, generative AI like ChatGPT has been known to generate inaccurate information, which could lead to false positives. “It can be risky, as noted,” she said. “If this does not perform as expected and generates too much false information, this capability will deservedly earn a bad reputation and will suffer setbacks in adoption.”

OpenAI first announced its plugins feature in March, and it debuted to paying ChatGPT Plus subscribers this week. The idea is to allow for a greater degree of flexibility and broader use cases by allowing the AI service to interact with datasets and features from third parties. While OpenAI talked up consumer-facing services like OpenTable, Kayak and the like in its initial announcement, enterprise use cases for ChatGPT have yet to see many rollouts.

The OX-GPT plugin launched yesterday. It’s free for teams of up to 20 developers, though the company declined to provide pricing data for larger shops.

Jon Gold covers IoT and wireless networking for Network World.

Copyright © 2023 IDG Communications, Inc.