Qwiet AI is a company that is focused on taking the concept of security one step back in the supply chain. They are, at their heart, a vulnerability detection and management product. However, they are focused on the pre-production or pre-build phase instead of the after-launch part of vulnerability management. The product allows DevSecOps teams to identify application vulnerabilities in their code before the compilation stage. This is a core concept that has been out for a while, but as we see more and more attacks and places like NPM the need for this has certainly increased. This begs the question, how does Qwiet AI solve for this issue in a manger that makes them stand out. It cannot be just through the use of scanners or automation as that is already in place in multiple other products. The answer provided was very simple and reminded me of the Cylance days; Qwiet AI helps remove the noise that regular code vulnerability scanners generate so that developers can focus on truly impactful remediation steps. It is like tweaking an audio signal to remove the background hiss of a tape, or popping of a record so you are left with a clean signal to listen to.
As Cylance was built on a math model (Deep Learning, or Machine Learning), and I knew that Qwiet AI was leveraging AI (it is in their name) of some type, I wanted to get an understanding of the inner workings at least as far as we would talk about without revealing anything confidential. I also wanted to know how Qwiet AI addresses indirect injection attacks and other AI poisoning.
Answering the first question, Stuart told me that Qwiet AI uses a cloud based Deep Learning model that has been training on application security vulnerabilities. It is a closed model; in that it is not learning from public or non-client sources this detection model is also non-generational. Each tenant will have a version of the detection model based on the context of their specific development environment. Building this context for the detection model has two major benefits, it can speed up the scan and detect process and it makes injecting outside context more difficult. The model builds out a Code Property Graph (CPG) from any assessed code. Qwiet AI does not store the code at all, it is referenced in a hash function. Currently there has not been an identified way to reverse this CPG or hash. This is an assurance for anyone using Qwiet AI against potential IP theft or code leakage (which is nice).
On the topic of indirect injection attacks, Stuart did not seem concerned with those for the detection model based on the items listed above. It boiled down to, if someone could gain access to a tenant model, they really could only impact the detection function meaning they might be able to get vulnerable code to report as clean. However, the effort involved would be higher than the payoff. The argument boils down to, if someone popped a development system, they would probably not waste time and effort on a clean bill of health for software, they are much more likely to go after better targets. I do agree with this assessment even though I remain skeptical about AI flaws and abuse in general.
Stuart also informed me that in addition to the focused and contextual detection model they are working on an AI based remediation model. This model would work with the output of the detection model and form remediation steps that prioritized corrective steps in order to provide the best outcome. What does that mean? Well simply put if there are a number of detections from multiple sources and direct remediation is not possible, the model could suggest a mitigation step that would make the vulnerabilities not applicable. Think about Log4J and how Elastic put gates around that function to prevent abuse. They still have a vulnerable version of a dependency, but those extra steps meant someone trying to abuse Log4J was not getting anywhere. This type of remediation advice is invaluable when it comes to releasing hardened code. By implementing something like this into the existing stack, it truly could change the way current DevSecOps teams work.
Sitting in the Prohibition Bar and talking about AI with Stuart, someone that has built a very successful one in the past, I was once again impressed with how he approaches security. Even in the conversation about how to protect the AI he was able to understand the situation and relate it to actual experience in the field to answer the questions. This is not really what I normally deal with, although I will say things have gotten much better over the years. From a strategic perspective, I think there is a need for tools like Qwiet AI especially in light of recent attacks (think Clop and MoveIT). I have to wonder if using a tool like Qwiet AI would have prevented the attacks or at least minimized access and impact. From a tactical and logistical perspective, Qwiet AI as it stands is a force multiplier. It augments exiting security and development teams with a logical and rational model to compare against. As long as the context provided is accurate, the Code Property Graph should provide great insight and allow teams to properly prioritize remediation even without a remediation model. This latter piece is huge when it comes to vulnerability management of any type. If you cannot understand how to prioritize remediation, you are just chasing numbers and wasting time and money.
Qwiet AI has clearly put some thought into how to approach this problem. The combination of a context aware and focused engine to detect vulnerabilities in an application in an easy to digest format combined with client data protection is a bit novel in the industry. It allows companies that develop applications (for internal or external consumption) to properly review their code and ensure it is much more secure at launch than current tools allow. Once the remediation model is released, I expect Qwiet AI to jump far ahead of the existing tool sets in the same way that Cylance jumped ahead of other anti-malware. Stuart extended an invitation to review a demo of the product while I was at Black Hat. However, my schedule this year was just too busy to get by. I am working on setting up a demo now that the dust has settled from both Black Hat and Def Con. I will follow up with my thoughts on ease of use, UI etc. ones I that has taken place. For now, I will say that if you have development ops in house, I would highly recommend you take a look at Qwiet AI. After all, in the listening experience that is development security, it is always better to hear that clean analog line of audio than a fuzzy and distorted one. One can provide you with something akin to enjoyment, the other is just headache inducing… Qwiet AI seems poised to provide the former.