Capital One releases VulnHunter, an open-source AI tool that finds software flaws before hackers do

https://images.ctfassets.net/jdtwqhzvc2n1/4WyYBE0eHzPTbv6jfjEWSx/7f036d0db42a8ad93985502ab8ece9f4/Nuneybits_Vector_art_of_a_Capital_One_credit_card_made_of_compu_fe529096-78bd-401e-b668-ab...

Capital One on Thursday released VulnHunter, an open-source, agentic AI security tool that scans source code for exploitable vulnerabilities, maps out how an attacker would reach them, and proposes targeted fixes — all before a single line ships to production. The tool, built internally and now available on GitHub under an Apache 2.0 license, is one of the most ambitious attempts by a major financial institution to turn offensive AI capabilities into a public defensive resource.

The move marks a striking philosophical turn for a company still defined, in many boardrooms, by a 2019 data breach that compromised the personal information of roughly 106 million people across the United States and Canada and ultimately cost the bank an $80 million federal fine.

Capital One is not simply releasing another vulnerability scanner. VulnHunter introduces what the company calls an "attacker-first forward analysis" — a workflow in which...

Copyright of this story solely belongs to venturebeat.com. To see the full text click HERE

Read more