Hackr
08-24-2006, 09:23 PM
Artificial intelligence (AI) software is now being widely used by hackers to find formerly undiscovered application vulnerabilities, security experts have warned. Researchers at Secure Computing said that cyber-criminals are exploiting the ability of AI tools to use a methodology referred to as ‘fuzzing’ to test applications for bugs. During this process the AI tools check allowed input for a given application and try to force abnormal responses to see whether unexpected results can be generated. Once a bug is found, further research can determine whether the bug can be exploited as a vulnerability and then packaged as an exploit.
Secure Computing found that hackers are sharing fuzzing results in a collaborative effort in IRC chatrooms and news groups to rapidly develop new threats.
The large increase in application vulnerabilities reported recently is thought to be a direct result of the use of fuzzing tools, the company added.
“Fuzzing will clearly accelerate the ability for hackers to discover new vulnerabilities in software applications,” said Paul Henry, vice president of strategic accounts at Secure Computing.
“Software vendors were already struggling to keep up with patches for software bugs. The use of fuzzing tools by hackers and the flood of newly discovered vulnerabilities may overwhelm software vendors’ ability to respond with patches.”