OX-GPT plugin promises natural-language security analysis for application security teams.

OX Security, an application security vendor, now has a plugin for ChatGPT, allowing users to leverage the power of the headline-making generative AI assistant to protect the software supply chain, generate personalized security recommendations and remedy security issues quickly.

The Israel-based company, in a press release issued yesterday, said that generative AI has already altered the security landscape, and not for the better. AI models, according to OX, have been used to seek out new vulnerabilities and draft phishing messages, among other things.

ChatGPT integration provides context for developers

The plugin for ChatGPT, the generative artificial intelligence developed by OpenAI, is designed to level the playing field by allowing security teams to get code fixes and security recommendations and to identify issues rapidly.

“ChatGPT integration provides developers with contexts for the specific issues they are facing, including how the code in question could be exploited by hackers, the possible impact of such an attack and potential damage to the organization,” OX said in its statement. “It then provides them with control over security and enables faster and easier remediation with cut-and-paste code crafted to secure and fix the specific issue, along with an explanation of why the fix works.”

OX-GPT, as the company calls the plugin, works by linking OX’s OSC&R framework to ChatGPT’s learning model, letting the AI use the intelligence provided through anonymized data in a MITRE-like framework, a company spokesperson said.

AI could make vulnerabilities easier to understand

It’s a combination likely to be helpful to security teams, mostly in the sense that it makes the task of understanding code vulnerabilities much easier, according to Avivah Litan, a distinguished VP analyst with Gartner Research.
“It just speeds up this process since developers can just talk to ChatGPT using English or other supported languages and the GPT engine can use its vast knowledge to quickly identify vulnerabilities and guide developers through required remediation actions, as applicable,” she said.

However, Litan warned, OX-GPT is unlikely to be a panacea for application security. For one thing, she said, humans are still needed in the loop every step of the way. For another, generative AI like ChatGPT has been known to generate inaccurate information, which could lead to false positives.

“It can be risky, as noted,” she said. “If this does not perform as expected and generates too much false information, this capability will deservedly earn a bad reputation and will suffer setbacks in adoption.”

OpenAI first announced its plugins feature in March, and it debuted to paying ChatGPT Plus subscribers this week. The idea is to allow for a greater degree of flexibility and broader use cases by allowing the AI service to interact with datasets and features from third parties. While OpenAI talked up consumer-facing services like OpenTable, Kayak and the like in its initial announcement, enterprise use cases for ChatGPT have yet to see many rollouts.

The OX-GPT plugin launched yesterday. It’s free for teams of up to 20 developers, though the company declined to provide pricing data for larger shops.