On Monday, VirusTotal launched a new feature called Code Insight, which uses AI to analyze code. The feature is powered by Google Cloud Security AI Workbench, which was unveiled at the RSA Conference 2023. Sec-PaLM, a large language model fine-tuned for security applications, is used by the AI Workbench.
VirusTotal’s Code Insight examines potentially dangerous files to determine their malicious behavior and helps identify those that pose genuine threats. The feature is currently only capable of analyzing a subset of PowerShell files uploaded to VirusTotal. The system excludes files that have already been analyzed or are excessively large, according to Bernardo Quintero, the founder of VirusTotal.
By focusing on specific file types, such as PS1 files, VirusTotal’s Code Insight ensures that analysis resources are used effectively. This approach guarantees that only the most relevant files undergo scrutiny, resulting in efficient resource utilization.
Code Insight provides valuable insight into false positives and negatives, as it analyzes only the content of a file rather than its associated metadata, such as antivirus results. However, it is worth noting that the code analysis LLM model is susceptible to errors, and its accuracy may vary. As a result, security analysts should interpret Code Insight-generated information in the context of other relevant data when analyzing a file.
According to Quintero, incorporating LLMs into the code analysis toolset represents a significant step forward for security professionals, providing valuable insights into potentially harmful code structure and behavior. This development enhances the efficiency of threat detection and response efforts.
VirusTotal plans to add additional file formats to the supported files list in the coming days, broadening the scope of the Code Insight feature.
VirusTotal has over 500,000 registered users and is an online malware-scanning platform owned by Google’s Chronicle security subsidiary. It analyzes suspicious files and URLs for malicious content, including viruses, worms, and trojans, using over 70 antivirus scanners and domain blocklisting services.