As part of our Change What’s Possible webinar series, Brian Robinson, Chief Evangelist at Corellium, recently met with David Manouchehri of ai.moda to discuss the significance of AI in addressing contemporary cybersecurity challenges. Let’s recap that discussion.
Our guest speaker, David, spent his entire career in cybersecurity. After being recruited by the Department of National Defence, David worked for startups like Linchpin Labs and decided to start his own company, ao.moda. In 2019, David became a cybersecurity AI consultant and discovered half a dozen Chrome zero-day vulnerabilities. His current focus is combining AI with security tools to solve real-world cybersecurity problems.
David also helped create Corellium’s first-ever Terraform provider. Developers interested in using HashiCorp Terraform will enjoy interfacing with Corellium in this way. You don’t have to learn Corellium’s API; you can download the provider from GitHub and start using it immediately.
During the webinar, David presented three detailed examples illustrating the transformative impact of interactive AI on cybersecurity threat detection, response, and future applications.
As David walked us through three examples of using GPT to automate complex tasks by integrating it with Corellium’s API, it became apparent how crucial artificial intelligence will be to future cybersecurity applications. AI enhances and speeds up vulnerability identification, streamlines security protocols, and automates responses in real-time. However, as it stands now, there are still some limitations, which hopefully will be solved in future iterations of GPT.
Ai.moda has been innovating new ways to identify vulnerabilities and enhance security protocols quickly. David illustrated how a large language library (GPT & GPT-4 Vision) linked to Corellium and other tech tools could work for cybersecurity applications using three simple demonstrations.
David presented three applications for interactive AI communication, input fuzzing with visual feedback, and deploying AI-driven solutions in cloud environments.
The first demo shows how quickly and easily tasks can be automated with Corellium and AI. The goal was to use natural language to determine “What devices are currently running on our Corellium account?”
David used an active Corellium account, the Corellium API, and Python 3 to achieve the task.
The tiny bit of code ran smoothly without issue and showed that two devices were running on Corellium. The demonstration illustrated how quickly and easily you can use GPT to feed natural language questions and commands to run complex tasks and tests on Corellium. Combining GPT AI with cybersecurity tools means less code, more flexibility, and streamlined operations.
This method's possibilities for discovering vulnerabilities or threats are limitless. The point is that you can test hundreds or thousands of devices simultaneously using AI instead of checking each one manually.
Developers use input fuzzing to test new software. In David’s second tutorial, he demonstrated how to automate input fuzzing using GTP-4 Vision to analyze screenshots and provide feedback on their contents. The goal was to use random keypresses to determine which inputs on iOS produced a state where the Quick Start menu popped up.
Along with the previous prerequisites, David added an S3 bucket with Backblaze to store the screenshots. The coding generated a list of random key presses, looped through them one at a time (press the key, take a screenshot), and then GPT-4 Vision evaluated each one to see if it matched the desired state. If not, it continued the loop. David instructed GPT-4 to return an answer of 1, 2, 3, etc., and if no screenshots existed, it was okay to return an empty list to avoid the AI tool creating fake data to satisfy the prompt.
Using this example, threat researchers can combine fuzzing with image analysis to detect vulnerabilities in software products and uncover new security insights. GPT-4 may reveal things about images that would not be found manually or with other modern tools.
The final demo evaluated whether our app was working as expected by using a series of predefined keypresses and then sending an email confirming the results. The code used a DNS query for corellium.com.
David used Google Cloud Run as a deployment option to show how easily you can execute complex coding tasks using GPT-4 in a cloud-based environment. Much of the previous code was reused, with new code formatting the email response in plain text and HTML.
This example demonstrates how AI can effectively monitor specific states or keypresses and trigger email alerts at any time of day or night. Automating these tasks in cloud environments allows threat researchers to scale cybersecurity AI measures to cover more ground in less time. AI improves the efficiency of security solutions in many ways.
GPT 4 is in its infancy, so touchscreen inputs are far less effective than keyboard commands. David expects that to improve with further iterations. Even with this limitation, you can easily see how the potential of natural language processing can radically simplify interactions with complex security APIs, making cybersecurity tasks more accessible to non-developers and streamlining the process for expert researchers.
Watch the webinar to see these demonstrations live and learn more about simplifying complex cybersecurity tasks using AI. Access the code for practical insights on integrating Corellium and AI for effective testing automation. The full code is available here.