VirusTotal announced on Monday the launch of a new code analysis feature based on artificial intelligence called Code Insight.
The new feature is powered by Google Cloud Security AI Workbench introduced at the RSA 2023 conference and which uses the Sec-PaLM large language model (LLM) specifically tailored to security use cases.
VirusTotal Code Insight analyzes potentially dangerous files to explain their (malicious) behavior, and it will improve the ability to identify which of them are real threats.
“Currently, this new feature is being deployed to scan a subset of PowerShell files uploaded to VirusTotal. The system excludes files very similar to those previously processed, as well as excessively large files,” the founder of VirusTotal said. VirusTotal, Bernardo Quintero. said.
“This approach makes efficient use of scanning resources, ensuring that only the most relevant files (such as PS1 files) are subjected to scrutiny.”
Code Insight will also help to better understand false positives and negatives, as its analysis is entirely independent of associated metadata (like antivirus results) since only the contents of the file are examined.
It is also important to note that the Code Analysis LLM model is also error prone and its accuracy can vary. Therefore, security analysts should interpret the information generated by Code Insight while considering contextual data relevant to the file being analyzed.
Despite this, as Quintero said, “The integration of LLMs into the arsenal of code analysis tools is a significant step forward that allows security professionals to gain valuable insights into the structure and behavior of potentially malicious code, thereby improving threat detection and response effectiveness”.
VirusTotal will be adding more file formats to the list of supported files in the coming days, with the aim of extending the reach of this new feature even further.
VirusTotal is an online malware analysis platform with over 500,000 registered users and is owned by Google’s Chronicle security subsidiary.
It scans suspicious files and URLs for malicious content (including viruses, worms, and Trojans) using over 70 antivirus scanners and domain blocklist services.