Report2024-02-04
3 Minutes Read
MetaTrust Labs
In today's digital world, where trust and security are paramount concerns, organizations are constantly seeking innovative solutions to protect their systems and data from vulnerabilities and malicious activities.
In today's digital world, where trust and security are paramount concerns, organizations are constantly seeking innovative solutions to protect their systems and data from vulnerabilities and malicious activities. MetaTrust, a leading technology company, has developed an advanced AI agent that leverages the power of artificial intelligence (AI) to revolutionize trust and security. The core team of MetaTrust is Prof.Yang Liu and his lab from NTU, who recently published a paper on AI engines. In this article, we will explore the capabilities and benefits of the MetaTrust AI Agent in safeguarding critical assets and enabling a secure digital ecosystem.
The MetaTrust AI Agent is built upon state-of-the-art Large Language Models (LLMs) and offers a unified evaluation framework called LLM4Vuln. This framework decouples the vulnerability reasoning capability of LLMs from their other functionalities, allowing for a more in-depth understanding of potential vulnerabilities. By actively seeking additional information, adopting relevant vulnerability knowledge, and following instructions to produce structured results, the AI Agent enhances vulnerability detection.
The LLM4Vuln framework is at the core of the MetaTrust AI Agent's capabilities. It separates vulnerability reasoning from other LLM capabilities and evaluates how vulnerability reasoning can be enhanced when combined with the improvement of other functionalities. The framework incorporates knowledge enhancement, context supplementation, prompt schemes, and different LLM models to provide comprehensive vulnerability analysis and detection.
The AI Agent integrates raw vulnerability reports and summarized vulnerability knowledge into its evaluation process. By automatically summarizing vulnerability knowledge and generating descriptions of functionality and applicable scenarios, the AI Agent enables the retrieval of relevant vulnerability knowledge based on similarity. This knowledge enhancement significantly improves vulnerability identification and aids in accurate vulnerability reasoning.
To enhance vulnerability reasoning, the MetaTrust AI Agent leverages tool support by invoking LLM's function calling mechanism. By providing context through program analysis and additional information about the target code, the AI Agent gains a deeper understanding of potential vulnerabilities. However, it is important to strike a balance, as too much additional information can distract the AI Agent and increase false positives.
Different LLM models exhibit varying capabilities in vulnerability detection. LLMs designed for code-related tasks may not excel in vulnerability analysis. The AI Agent addresses this by adopting different prompt schemes, such as chain-of-thought (CoT), tailored specifically for vulnerability analysis scenarios. These prompt schemes align and structure the analysis output of LLMs, enabling automatic result evaluation and improving the overall vulnerability detection process.
The MetaTrust AI Agent has undergone rigorous testing with a focus on smart contract vulnerabilities. Controlled experiments using 75 ground-truth smart contract vulnerabilities, extensively audited as high-risk, were conducted across three representative LLMs (GPT-4, Mixtral, and Code Llama). The results not only revealed key findings regarding knowledge enhancement, context supplementation, prompt schemes, and different models but also identified 9 zero-day vulnerabilities in two pilot bug bounty programs, resulting in over 1,000 USD in awarded bounties.
The MetaTrust AI Agent represents a significant advancement in trust and security by harnessing the power of artificial intelligence. With its LLM4Vuln framework and advanced vulnerability reasoning capabilities, the AI Agent enables organizations to proactively detect vulnerabilities, enhance their security posture, and protect critical assets. By combining knowledge enhancement, context supplementation, and tailored prompt schemes, the AI Agent offers an intelligent and comprehensive solution for vulnerability detection. MetaTrust's AI Agent is poised to transform the digital landscape, ensuring a safer and more secure future for organizations worldwide.
MetaTrust Labs
In today's digital world, where trust and security are paramount concerns, organizations are constantly seeking innovative solutions to protect their systems and data from vulnerabilities and malicious activities.