Monday, July 24, 2006

How is fuzzing like AI?

Hackers use AI to uncover vulnerabilities
"Researchers at Secure Computing said that cyber-criminals are exploiting the ability of AI tools to use a methodology referred to as 'fuzzing' to test applications for bugs."

Ok, I'm no Artificial Intelligence (AI) pro, but I believe I understand the fundamentals. I am however very familiar with software "fuzzing". Heck any competent black-box hacker is. You toss in some junk and if the output looks something like a vulnerability, then you have something to have a closer look at. Indeed there has been some cool research using fuzzing in the web browser space recently.

What I failed to understand is how fuzzing is anything like AI. Probably just the marketing teams spinning up new PR worthy headlines. Its not like it doesn't happen everyday anyway.

No comments: