
AI Struggles to Secure Software Supply Chains

AI models show limited success in detecting threats within software binaries, highlighting the need for further development in AI supply chain security.

StartupHub.ai - Feb 16 at 9:08 PM - 2 min read
Quesma's BinaryAudit benchmark tests AI's ability to find threats in software binaries.
Key Takeaways
  1. New benchmark reveals AI models, including Claude Opus 4.6, can detect only half of malicious code in software binaries.
  2. Current AI performance is insufficient for direct threat detection, and models frequently flag safe code as malicious.
  3. AI shows potential as a future proactive defense layer for software supply chain security, but is not yet a standalone solution.

A new benchmark from Quesma, a company specializing in AI model evaluation, highlights the nascent capabilities of artificial intelligence in safeguarding software supply chains. The BinaryAudit tool, developed with input from reverse engineering expert Michał "Redford" Kowalczyk, tests AI's ability to find hidden threats within software binaries.

AI's Limited Success in Detecting Threats

The results indicate that while AI can identify some malicious code, its effectiveness is currently limited. The top-performing model, Claude Opus 4.6, achieved only a 49% success rate in detecting threats. Furthermore, these advanced AI models often flagged legitimate software as dangerous, a common issue in early AI security applications.

The Urgency of Supply Chain Security

Software supply chain attacks pose a significant and growing threat. Recent incidents include state-sponsored actors compromising widely used software like Notepad++ and the Shai Hulud 2.0 attack that affected thousands of organizations. The XZ Utils backdoor, where a contributor inserted malicious code over time, also underscores the vulnerability of trusted software sources. These attacks originate not only from external actors but also from compromised vendors or even inherent weaknesses like manufacturer-inserted code.

Transforming Security from Reactive to Proactive

Traditional binary reverse engineering is a specialized, time-consuming process typically employed only after a security incident. AI offers the potential to shift this paradigm, enabling proactive inspection of software at various stages—before deployment, during updates, or even years after release. This could fundamentally change how organizations approach AI supply chain security, moving from incident response to continuous prevention.

AI as an Assistant, Not a Solution

Jacek Migdał, CEO of Quesma, noted that the ability of current large language models to detect malicious code at all was surprising. "At current performance levels, it’s an assistant, not a solution," Migdał stated. He expressed hope that future AI models will mature enough to make binary analysis mainstream, with BinaryAudit serving to track progress in this crucial area.

BinaryAudit is publicly available at https://quesma.com/benchmarks/binaryaudit/
