VirusTotal introduced a new feature called VirusTotal Insight at RSA Conference 2023 that employs AI for code analysis.



This new feature uses Google Cloud Security AI Workbench to provide users with natural language summaries of code snippets. VirusTotal used large language models to train on programming languages, which enables it to transform code into simple and understandable language. The Code Insight feature helps analysts and security experts to gain deeper insights into the purpose and operation of analyzed code, thereby detecting and mitigating potential threats.

To further enhance its capabilities, VirusTotal incorporated large language models to enable text generation and summarization, as based on Sec-PaLM, a generative AI model hosted on Google Cloud AI. This model can offer natural language summaries as an AI collaborator specialized in cybersecurity and malware, providing security experts and analysts with better understanding of the code's actions.

VirusTotal has deployed this feature to analyze PowerShell files uploaded to the platform and has plans to support other file formats soon. The company stated that they will continue to develop and refine the capabilities of VirusTotal Insights, as well as other advanced features, to stay ahead of evolving cyber threats and provide users with the most effective tools possible in the field of cybersecurity.

Using AI techniques such as machine learning, VirusTotal Insight can analyze code and binaries to detect malware and other security risks. It examines various aspects of the code, including its behavior, structure, and patterns, to determine if it exhibits any malicious behavior or characteristics.

By utilizing AI algorithms, VirusTotal Insight can process large volumes of code quickly and accurately. It can identify known malware signatures, as well as detect previously unseen threats by identifying suspicious patterns that indicate potential malicious activities.

The platform also provides users with actionable insights and recommendations to mitigate identified risks. This enables organizations to proactively address security issues and make informed decisions about the safety of their codebase.

VirusTotal Insight goes beyond traditional signature-based detection methods by utilizing AI to analyze and understand the behavior of code. It employs various AI techniques, including machine learning, deep learning, and natural language processing, to provide comprehensive code analysis and threat detection capabilities.

One key advantage of using AI in code analysis is its ability to identify and analyze previously unseen or unknown threats. Unlike signature-based detection methods that rely on known malware signatures, VirusTotal Insight can detect suspicious patterns and behaviors that may indicate the presence of malware or other security risks.

The platform can also help organizations prioritize their security efforts by providing a risk score for each analyzed code snippet or file. This score indicates the likelihood of a security threat and helps organizations focus their resources on the most critical vulnerabilities.

Furthermore, VirusTotal Insight integrates with existing security tools and workflows, allowing security teams to seamlessly incorporate its insights into their existing processes. It provides an intuitive user interface where users can access detailed reports, visualize threat trends, and take necessary actions to mitigate risks.

The platform is capable of analyzing various types of files, including executables, DLLs, scripts, and more. It can identify malicious behaviors such as code injection, privilege escalation, data exfiltration, and other suspicious activities.

VirusTotal Insight also provides insights into the reputation of code components by leveraging a large database of known good and bad files. This helps organizations determine whether a particular code component is trustworthy or presents potential risks.

In addition, VirusTotal Insight allows users to upload their own code samples for analysis. This empowers developers to proactively assess the security of their software before deployment, reducing the risk of exposing users to potential threats.

By integrating VirusTotal Insight into their development processes, organizations can gain a deeper understanding of the security posture of their codebase. It enables them to make informed decisions about code acceptance, prioritize vulnerability fixes, and take proactive measures to protect against emerging threats.

One of the key features of VirusTotal Insight is its ability to identify known malware signatures. It compares the analyzed code against a vast database of previously identified malware samples, enabling it to quickly determine if any malicious code is present.

In addition to known malware, VirusTotal Insight can also detect previously unseen or zero-day threats. It does this by leveraging AI algorithms that can detect suspicious patterns and behaviors in the code. These algorithms learn from vast amounts of data, allowing them to continuously improve their ability to identify new and evolving threats.

VirusTotal Insight not only identifies potential threats but also provides detailed insights into the code, highlighting specific areas where vulnerabilities exist. This allows developers and security teams to understand the root causes of these vulnerabilities and take appropriate actions to mitigate them.

Furthermore, VirusTotal Insight offers actionable recommendations to address the identified risks. These recommendations may include patching vulnerable code, implementing secure coding practices, or adjusting software configurations to enhance security.

Overall, VirusTotal Insight helps organizations strengthen their security posture by providing comprehensive code analysis and threat detection capabilities, powered by AI and machine learning. It enables businesses to proactively identify and remediate security risks, ultimately reducing the likelihood of successful cyberattacks.

The reliance on AI for code analysis raises concerns about accuracy and context—two critical elements in cybersecurity. Analysts might find themselves misled by oversimplified summaries that fail to capture the nuances of malicious code. Furthermore, focusing on PowerShell files seems limiting; what about other prevalent scripting languages?

If VirusTotal truly aims to stay ahead of cyber threats, it must ensure that these AI-generated insights are not just buzzwords but actionable intelligence.