I’ve been going down kind of a rabbithole lately with the machine learning and AI being used to fuzz and exploit found vulnerabilities. I had started looking for AI ran IDPS and firewall systems but that quickly started turning into offensive AI capability searches. Long story short I found a news article and some source code that I thought was super interesting. There’s a lot of other projects and info but this was the most promising.
If I understood this correctly, the algorithm responsible for fuzzing and scanning is called SAIVS (Spider Artificial Intelligence Vulnerability Scanner). It then passes it’s findings off to the second AI (DeepExploit) that is responsible for exploiting the vulnerability and maintaining access. Once they have finished with one host on a network they seek out another target and repeat the process. This software was a DARPA submission and was demonstrated at a few conferences.
I am absolutely sure 2 of these repos (DeepExploit and SAIVS) will go together. Any other ones, I am not.
PS: I thought this was super interesting and figured you may as well. If this isn’t supposed to go here or violates a rule, sorry, everyone. Let me know what to do and I’ll change it but hopefully you find this as exciting as I do.