Software is writing software, thanks to generative AI.
Now, it can even help check software for cybersecurity and other risks.
NVIDIA founder and CEO Jensen Huang today unveiled in his GTC keynote how the company’s generative AI technologies can help enterprises rapidly detect and address common vulnerabilities and exposures (CVEs) and other software security issues.
The new NVIDIA NIM and NeMo Retriever microservices, along with the NVIDIA Morpheus accelerated AI framework, working together can identify such problems in just seconds, rather than the hours — or even days — it would take security analysts using traditional tools.
While traditional methods require substantial manual effort to pinpoint solutions for any discovered vulnerabilities, these technologies enable quick, automatic and actionable CVE risk analysis using large language models (LLMs) and retrieval-augmented generation, aka RAG.
This lets analysts function as CEO-like decision-makers in so-called “enterprises of the future,” where artificial intelligence accelerates much of the operational work and provides data-driven insights to inform human choices.
Generative AI for cybersecurity will become increasingly important and prevalent, as last year saw record-high reported software security flaws in the CVE public database.
Watch the application demo:
How Generative AI Works in Cybersecurity
Gartner predicts that generative AI will enable a 30% reduction in false-positive rates for application security testing and threat detection by 2027.
Offered as part of the NVIDIA AI Enterprise software platform, the NVIDIA generative AI microservices and Morpheus quickly accomplish CVE risk analysis with an extremely high level of accuracy, matching the results of most human experts.
Security analysts can use these technologies to determine whether a software package includes exploitable and vulnerable components, using LLMs and event-driven RAG triggered by the creation of a new software package or the detection of a CVE.
In the NVIDIA application demoed above, an LLM generates a list of tasks to check a software package for vulnerabilities.
Then, the NVIDIA AI-powered LLM agent searches data sources — both internal and external — for any safety actions that should be taken to bring the software into compliance.
These steps are repeated until every item on the checklist has been triaged. Then, the application summarizes the interaction and creates justifications for action, which are passed on to a human analyst to decide appropriate next steps.
In this way, event-driven RAG lets humans oversee security measures while generative AI dramatically accelerates the brunt of the research and investigative tasks that would typically take up to days for completion.
Enterprises Harness NVIDIA Generative AI for Security
NVIDIA is using the application to ensure the security of its own internal software development workflows.
On average, the application in seconds performs over 400 internet searches and makes more than 500 queries on various enterprise data sources to analyze a single software container — a task that would typically take a human up to days. NVIDIA scans 1,000+ containers per day.
Cybersecurity leader CrowdStrike is collaborating with NVIDIA to implement generative AI and RAG.
“Our industry has reached a crucial pivot point as AI becomes an equalizer for security teams and adversaries,” said Sven Krasser, senior vice president and chief scientist at CrowdStrike. “Today, threat actors are leveraging the latest AI advancements to compromise organizations with increased velocity. To stay one step ahead, security and operations teams need advanced threat detection and response capabilities that force-multiply their efforts by coupling together the power of data with targeted AI to accelerate investigations, identify potential vulnerabilities and prevent breaches in their environments.”
NIM, NeMo Retriever and Morpheus are available through NVIDIA AI Enterprise, a cloud-native software platform that provides accelerated and efficient runtime for generative AI foundation models. It streamlines generative AI adoption with security, stability, manageability and support.
Availability
Developers can experiment with NVIDIA microservices for free at ai.nvidia.com. Enterprises can deploy production-grade NIM microservices with NVIDIA AI Enterprise 5.0 running on NVIDIA-Certified Systems and leading cloud marketplaces.
See the software security application in action by joining Cybersecurity Developer Day at NVIDIA GTC, a global AI conference running through Thursday, March 21, online and at the San Jose Convention Center.